Fix: fail if KDC element has an invalid separation (#1044)

jjnicola · web-flow · commit 05f2dabc921e · 2025-06-23T07:16:19.000-03:00
diff --git a/ospd_openvas/preferencehandler.py b/ospd_openvas/preferencehandler.py
@@ -694,12 +694,23 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
                         "Missing realm for Kerberos authentication."
                     )
                     continue
+                elif ';' in realm or '|' in realm:
+                    self.errors.append(
+                        "Invalid separator in realm for Kerberos "
+                        "authentication."
+                    )
+                    continue
                 kdc = cred_params.get('kdc', '')
                 if not kdc:
                     self.errors.append(
                         "Missing KDC for Kerberos authentication."
                     )
                     continue
+                elif ';' in kdc or '|' in kdc:
+                    self.errors.append(
+                        "Invalid separator in KDC for Kerberos authentication."
+                    )
+                    continue
                 cred_prefs_list.append(
                     f'{OID_KRB5_AUTH}:1:entry:KRB5 login:|||{username}'
                 )
