]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 316bf74) | patch
PKINIT null pointer deref [CVE-2013-1415]
authorXi Wang <xi.wang@gmail.com>
Thu, 14 Feb 2013 23:17:40 +0000 (18:17 -0500)
committerBen Kaduk <kaduk@mit.edu>
Fri, 15 Feb 2013 19:28:41 +0000 (14:28 -0500)
commitc773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
tree93132fc1318cbc47d5567efd03cc84e78e3c7445tree
parent316bf74b4696058e2b60c95c9d0fc90d6c2c2ffecommit | diff
PKINIT null pointer deref [CVE-2013-1415]

Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]

ticket: 7570 (new)
target_version: 1.11.1
tags: pullup
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git