git.ipfire.org Git - thirdparty/krb5.git/commit

author	Tom Yu <tlyu@mit.edu>
	Wed, 1 Aug 2012 02:45:08 +0000 (22:45 -0400)
committer	Tom Yu <tlyu@mit.edu>
	Wed, 1 Aug 2012 17:42:26 +0000 (13:42 -0400)
commit	3551501359c6d2396fa4779d378ae165f5b37242
tree	d5d9c24305b0d2468d5b1f0f7de9d3cf18af2928	tree
parent	f6f5c680aa0a57f581e5f192cef46567cc7415e2	commit \| diff

Fix KDC heap corruption vuln [CVE-2012-1015]

Fix KDC heap corruption vulnerability [MITKRB5-SA-2012-001
CVE-2012-1015]. The cleanup code in
kdc_handle_protected_negotiation() in kdc_util.c could free an
uninitialized pointer in some error conditions involving "similar"
enctypes and a failure in krb5_c_make_checksum().

Additionally, adjust the handling of "similar" enctypes to avoid
advertising enctypes that could lead to inadvertent triggering of this
vulnerability (possibly in unpatched KDCs).

Note that CVE-2012-1014 (also described in MITKRB5-SA-2012-001) only
applies to the krb5-1.10 branch and doesn't affect the master branch
or releases prior to krb5-1.10.

ticket: 7225 (new)
target_version: 1.9.5
tags: pullup

src/kdc/kdc_preauth.c		diff \| blob \| blame \| history
src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/lib/kdb/kdb_default.c		diff \| blob \| blame \| history