]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b2b06fa)
Prevent null dereference with keyboard master key
authorGreg Hudson <ghudson@mit.edu>
Tue, 18 Jul 2017 16:29:12 +0000 (12:29 -0400)
committerGreg Hudson <ghudson@mit.edu>
Fri, 22 Sep 2017 15:39:56 +0000 (11:39 -0400)
If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element.  Reported by Joshua Schaeffer.

(cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd)

ticket: 8600
version_fixed: 1.15.2

src/lib/kdb/kdb5.c patch | blob | blame | history

diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 4adf0fcbb20132f5b1dd30bc809739a43f92b326..690725765d0eb7572e0447b9b59ef1d129265ec0 100644 (file)
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1220,11 +1220,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
             krb5_db_entry *master_entry;
 
             rc = krb5_db_get_principal(context, mname, 0, &master_entry);
-            if (rc == 0) {
+            if (rc == 0 && master_entry->n_key_data > 0)
                 *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
-                krb5_db_free_principal(context, master_entry);
-            } else
+            else
                 *kvno = 1;
+            if (rc == 0)
+                krb5_db_free_principal(context, master_entry);
         }
 
         if (!salt)
Mirror of https://github.com/krb5/krb5.git