git.ipfire.org Git - thirdparty/krb5.git/commit
Fix correctness in LDAP delegation ACL checking 1424/head
author Greg Hudson <ghudson@mit.edu>
Fri, 11 Apr 2025 06:14:57 +0000 (02:14 -0400)
committer Greg Hudson <ghudson@mit.edu>
Tue, 22 Apr 2025 19:11:30 +0000 (15:11 -0400)
commit 8456b1f0f55fbb42f983df1418c65bef9c71ad66
tree 394211e5b555c2c8b4998408d3cd64562e2c6d58
parent 42e2a33ada511bd1b52df71d763bf1156355d332
Fix correctness in LDAP delegation ACL checking

The LDAP KDB module synthesizes KRB5_TL_CONSTRAINED_DELEGATION_ACL
tl-data when fetching a principal entry, and checks against those
values in krb5_ldap_check_allowed_to_delegate().  To avoid a locally
incorrect use of a counted data type, adjust the synthesized
attributes to include the trailing zero byte in tl_data_length, and
verify the zero terminator before calling krb5_parse_name() on the
value.
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
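
What the commit message describes (count the trailing zero byte in the length, then verify it before handing the bytes to a C-string parser), as an added C example that is not the krb5 code. `struct counted_value`, `as_cstring()` and `acl_value_allows()` are hypothetical names, and `strcmp()` stands in for `krb5_parse_name()` plus the principal comparison.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted value, modelled on a tl-data entry (not the krb5 type). */
struct counted_value {
    size_t length;                 /* bytes in contents, terminator included */
    const unsigned char *contents; /* carries no terminator guarantee of its own */
};

/* Return contents as a C string only when the counted bytes end in a zero
 * byte; otherwise NULL, so no string function reads past `length`. */
static const char *as_cstring(const struct counted_value *v)
{
    if (v->contents == NULL || v->length == 0)
        return NULL;
    if (v->contents[v->length - 1] != '\0')
        return NULL;
    return (const char *)v->contents;
}

/* Return 1 if the ACL value names `target`, 0 otherwise. strcmp() is a
 * stand-in for parsing and comparing principal names. Malformed values
 * never match, so the check fails closed. */
int acl_value_allows(const void *bytes, size_t length, const char *target)
{
    struct counted_value v = { length, bytes };
    const char *name = as_cstring(&v);

    return name != NULL && strcmp(name, target) == 0;
}

int main(void)
{
    /* Constructed sample: 8 name bytes, no zero byte inside the array. */
    static const unsigned char raw[8] = { 'h','o','s','t','/','a','@','R' };

    printf("terminated:   %d\n", acl_value_allows("host/a@R", 9, "host/a@R"));
    printf("unterminated: %d\n", acl_value_allows(raw, sizeof(raw), "host/a@R"));
    printf("empty:        %d\n", acl_value_allows(raw, 0, "host/a@R"));
    return 0;
}
```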