size = ntohl(size);
if (size < 0) {
+ if (size == INT32_MIN) /* INT32_MIN inverts to itself. */
+ return KRB5_KT_FORMAT;
if (fseek(KTFILEP(id), -size, SEEK_CUR)) {
return errno;
}
return errno;
} else if (size < 0) {
/* Empty record; use if it's big enough, seek past otherwise. */
+ if (size == INT32_MIN) /* INT32_MIN inverts to itself. */
+ return KRB5_KT_FORMAT;
size = -size;
if (size >= *size_needed) {
*size_needed = size;
test_addent(realm, 'exp', '-f')
test_addent(realm, 'pexp', '-f')
-success('Keytab-related tests')
+# Regression test for #8914: INT32_MIN length can cause backwards seek
+mark('invalid record length')
+f = open(realm.keytab, 'wb')
+f.write(b'\x05\x02\x80\x00\x00\x00')
+f.close()
+msg = 'Bad format in keytab while scanning keytab'
+realm.run([klist, '-k'], expected_code=1, expected_msg=msg)
+
success('Keytab-related tests')
projects / thirdparty / krb5.git / commitdiff
