
ticket: 6542

version_fixed: 1.7.1
status: resolved

pull up r22516 from trunk
 ------------------------------------------------------------------------
 r22516 | ghudson | 2009-08-10 15:12:47 -0400 (Mon, 10 Aug 2009) | 8 lines

 ticket: 6542
 subject: Check for null characters in pkinit cert fields
 tags: pullup
 target_version: 1.7

 When processing DNS names or MS UPNs in pkinit certs, disallow
 embedded null characters.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22811 dc483132-0cff-0310-8789-dd5450dbe970
tlyu committed Sep 29, 2009
1 parent e03eddd commit 55ddf54268899a6085e04daff81c5cc02492430e
Showing with 7 additions and 0 deletions.
  1. +7 −0 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1761,6 +1761,9 @@ crypto_retrieve_X509_sans(krb5_context context,
} else if (upns != NULL
&& OBJ_cmp(plgctx->id_ms_san_upn,
gen->d.otherName->type_id) == 0) {
/* Prevent abuse of embedded null characters. */
if (memchr(name.data, '\0', name.length))
break;
ret = krb5_parse_name(context, name.data, &upns[u]);
if (ret) {
pkiDebug("%s: failed parsing ms-upn san value\n",
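Review bot: the new `break` in the ms-upn branch drops the SAN silently, while the `krb5_parse_name` failure just below it logs through `pkiDebug`. A debug line here would make a rejected certificate field visible when troubleshooting; it should not print `name.data` with `%s`, which would stop at the first null. The comment could also say why the check is needed: `krb5_parse_name` is given `name.data` with no length, so it would only see the bytes before the first null.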
@@ -1778,6 +1781,10 @@ crypto_retrieve_X509_sans(krb5_context context,
break;
case GEN_DNS:
if (dnss != NULL) {
/* Prevent abuse of embedded null characters. */
if (memchr(gen->d.dNSName->data, '\0',
gen->d.dNSName->length))
break;
pkiDebug("%s: found dns name = %s\n",
__FUNCTION__, gen->d.dNSName->data);
dnss[d] = (unsigned char *)
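Review bot: in the `GEN_DNS` case this is the second copy of the same `memchr(..., '\0', ...)` test; a small helper taking a data pointer and a length would keep the two SAN types from drifting apart if another one needs the check later. The bare `if (memchr(...))` also differs from the explicit comparisons used around it (`dnss != NULL`, `upns != NULL`), so `!= NULL` would match the surrounding style. Placing the check ahead of the `pkiDebug("%s: found dns name = %s\n", ...)` call is right, since that call prints `data` as a C string.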
