Skip to content
Permalink
Browse files Browse the repository at this point in the history
Security: Avoid NULL structure pointer member dereference
This can happen in the error path when processing malformed AS
requests with a NULL client name.  Bug originally introduced on
Fri Feb 13 09:26:01 2015 +0100 in commit:

    a873e21

    kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()

Original patch by Jeffrey Altman <jaltman@secure-endpoints.com>
  • Loading branch information
Viktor Dukhovni committed Dec 5, 2017
1 parent abee4b3 commit 1a6a6e4
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions kdc/kerberos5.c
Expand Up @@ -2232,15 +2232,17 @@ _kdc_as_rep(kdc_request_t r,
/*
* In case of a non proxy error, build an error message.
*/
if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
ret = _kdc_fast_mk_error(context, r,
&error_method,
r->armor_crypto,
&req->req_body,
ret, r->e_text,
r->server_princ,
&r->client_princ->name,
&r->client_princ->realm,
r->client_princ ?
&r->client_princ->name : NULL,
r->client_princ ?
&r->client_princ->realm : NULL,
NULL, NULL,
reply);
if (ret)
Expand Down

0 comments on commit 1a6a6e4

Please sign in to comment.