]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5bae4fe) | patch
Length check when parsing GSS token encapsulation krb5-1.14
authorGreg Hudson <ghudson@mit.edu>
Sat, 11 Nov 2017 18:42:28 +0000 (13:42 -0500)
committerGreg Hudson <ghudson@mit.edu>
Wed, 22 Nov 2017 16:26:07 +0000 (11:26 -0500)
commitb70ef60b1290ff6b6a028ac51ee761222e083720
tree17cd7e73a25c2e0a732b7355e27e6c5fe6974264tree
parent5bae4fe119e22accab3d9045a9524530995596e9commit | diff
Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

ticket: 8620
version_fixed: 1.14.7
src/lib/gssapi/mechglue/g_glue.c diff | blob | blame | history
src/tests/gssapi/t_invalid.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git