Fix PKINIT cert matching data construction #707

Merged (1 commit), Oct 26, 2017

Conversation

greghudson (Member)

Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.

@frozencemetery (Contributor) left a review comment:

+1, as discussed.

@frozencemetery (Contributor) commented Oct 25, 2017

Red Hat has assigned this CVE-2017-15088 (in our builds only, not in upstream krb5).

Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.

ticket: 8617
target_version: 1.16
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
@greghudson (Member, Author)

On self-review I noticed some minor exception-handling mistakes in the new function definition (memory leaks on error, not checking the return value of BIO_new()). Please re-review. I think the candidate fix should be okay for practical purposes.

@frozencemetery (Contributor)

Right, this is better than the original, so +1.

(I believe BIO_new() failures aren't realistic for Linux, and the BIO leak on error isn't worth the delay a respin would require, so I agree it's fine for what I'm doing with it, and I'll plan to fix that later.)
