Closed
Description
The following was reported in the Debian bug tracker at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
heimdal-kdc 7.1.0 is regularly observed to crash due to malformed client names in client requests received over the internet.
heimdal-kdc.log.5.gz:2017-08-06T12:06:05 AS-REQ malformed client name from IPv4:71.6.167.142
This leads to a segfault:
kdc[24683]: segfault at 18 ip 00007f8a096715d0 sp 00007ffd48ba4b28 error 4 in libasn1.so.8.0.0[7f8a095ea000+a7000]
The related code is in lib/asn1/der_length.c:
size_t der_length_visible_string (const heim_visible_string *data)
{
return strlen(*data);
}Proposed patch:
if (!data) return 0;
else return strlen(*data);It would be good to have this fix, or another one, approved quickly so we can get a patch in Debian's security release.
Metadata
Metadata
Assignees
Labels
No labels