
Commit 1a6a6e4

author
Viktor Dukhovni
committed
Security: Avoid NULL structure pointer member dereference
This can happen in the error path when processing malformed AS requests with a NULL client name. Bug originally introduced on Fri Feb 13 09:26:01 2015 +0100 in commit:

    a873e21 kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()

Original patch by Jeffrey Altman <jaltman@secure-endpoints.com>
1 parent abee4b3 commit 1a6a6e4

1 file changed

+5
-3
lines changed

Diff for: kdc/kerberos5.c

@@ -2232,15 +2232,17 @@ _kdc_as_rep(kdc_request_t r,
22322232
/*
22332233
* In case of a non proxy error, build an error message.
22342234
*/
2235-
if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
2235+
if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
22362236
ret = _kdc_fast_mk_error(context, r,
22372237
&error_method,
22382238
r->armor_crypto,
22392239
&req->req_body,
22402240
ret, r->e_text,
22412241
r->server_princ,
2242-
&r->client_princ->name,
2243-
&r->client_princ->realm,
2242+
r->client_princ ?
2243+
&r->client_princ->name : NULL,
2244+
r->client_princ ?
2245+
&r->client_princ->realm : NULL,
22442246
NULL, NULL,
22452247
reply);
22462248
if (ret)
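
Review bot: The two new arguments that select NULL when r->client_princ is NULL now pass a NULL client name and a NULL realm into _kdc_fast_mk_error(), so the fix is only complete if that function, and krb5_mk_error_ext() which the commit message says it is based on, accept NULL for both. Nothing in this hunk shows that, so please confirm it in the callee and add a short comment above the call saying that client_princ can be NULL on the malformed AS request error path. The same NULL test is written twice; reading r->client_princ once into local name and realm pointers before the call would keep the two arguments from drifting apart in later edits. The "if(" to "if (" whitespace change on the first modified line is unrelated to the fix and would be easier to backport if kept out of a security patch.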
