Skip to content

Remote unauthenticated DoS in Heimdal-KDC 7.1 #353

Closed
@Natureshadow

Description

@Natureshadow

The following was reported in the Debian bug tracker at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144

heimdal-kdc 7.1.0 is regularly observed to crash due to malformed client names in client requests received over the internet.

heimdal-kdc.log.5.gz:2017-08-06T12:06:05 AS-REQ malformed client name from IPv4:71.6.167.142

This leads to a segfault:

kdc[24683]: segfault at 18 ip 00007f8a096715d0 sp 00007ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]

The related code is in lib/asn1/der_length.c:

size_t der_length_visible_string (const heim_visible_string *data)
{
    return strlen(*data);
}

Proposed patch:

if (!data) return 0;
else return strlen(*data);

It would be good to have this fix, or another one, approved quickly so we can get a patch in Debian's security release.

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions