Skip to content

Commit

Permalink
Fix leaks in kadmin server stubs [CVE-2015-8631]
Browse files Browse the repository at this point in the history
In each kadmind server stub, initialize the client_name and
server_name variables, and release them in the cleanup handler.  Many
of the stubs will otherwise leak the client and server name if
krb5_unparse_name() fails.  Also make sure to free the prime_arg
variables in rename_principal_2_svc(), or we can leak the first one if
unparsing the second one fails.  Discovered by Simo Sorce.

CVE-2015-8631:

In all versions of MIT krb5, an authenticated attacker can cause
kadmind to leak memory by supplying a null principal name in a request
which uses one.  Repeating these requests will eventually cause
kadmind to exhaust all available memory.

    CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C

ticket: 8343 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
  • Loading branch information
greghudson committed Jan 27, 2016
1 parent b863de7 commit 83ed75f
Showing 1 changed file with 77 additions and 74 deletions.
Loading

0 comments on commit 83ed75f

Please sign in to comment.