From: Greg Hudson Date: Wed, 25 Sep 2019 16:57:56 +0000 (-0400) Subject: Fix KDC crash when logging PKINIT enctypes X-Git-Tag: krb5-1.18-beta1~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3e62609849ab62caf52fa9b90d9ab60d365a64d;p=thirdparty%2Fkrb5.git Fix KDC crash when logging PKINIT enctypes Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash bug due to transposed strlcpy() arguments. Fix the argument order. This bug does not affect any MIT krb5 release, but affects the Fedora krb5 packages due to backports. CVE-2019-14844 has been issued as a result. ticket: 8772
---
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 936ec23b20..8c0fa8c072 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1107,7 +1107,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
 else
 return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
- if (strlcpy(name, buf, buflen) >= buflen)
+ if (strlcpy(buf, name, buflen) >= buflen)
 return ENOMEM;
 return 0;
 }
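Review bot: The corrected `strlcpy(buf, name, buflen)` call still depends on review alone to keep destination and source in the right order, so consider hardening the declaration of `name`, which sits outside this hunk along with the rest of `enctype_name`. If `name` is a plain `char *` that only ever points at constant strings (an inference from the commit message, not visible here), declaring it `const char *name;` would make the compiler diagnose any write through it, so a transposed call would be flagged at build time. A short comment at the call, for example `/* buf is the caller's output buffer; name is a constant string */`, would document the direction of the copy. A regression test that drives the KDC's enctype logging with a PKINIT enctype would cover this branch, which the crash described in the commit message suggests was not exercised before.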