Commit

CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.

This was introduced in 9a0263a for the
MIT KDC effort.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
abartlet authored and kseeger committed Nov 25, 2018
1 parent bf596c1 commit 6e84215
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions source4/kdc/db-glue.c
Expand Up @@ -2610,10 +2610,10 @@ samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
* comparison */
if (!(orig_sid && target_sid && dom_sid_equal(orig_sid, target_sid))) {
talloc_free(mem_ctx);
#ifdef KRB5_KDC_ERR_CLIENT_NAME_MISMATCH /* Heimdal */
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
#elif defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
#if defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
return KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
#else /* Heimdal (where this is an enum) */
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
#endif
}
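Review bot: The comment on the new `#else /* Heimdal (where this is an enum) */` branch should say why the order matters, because that is the whole fix: `#ifdef` cannot see an enum constant, so on a Heimdal build the old `#ifdef KRB5_KDC_ERR_CLIENT_NAME_MISMATCH` test was false, and with the MIT macro also absent no `return` was compiled after `talloc_free(mem_ctx)`, leaving the function to continue with an already freed context. Making the Heimdal name the unconditional `#else` guarantees a return on every build (or a compile error if neither name exists, which fails safely), but a future cleanup could easily swap the branches back; a sentence such as "do not test the Heimdal name with #ifdef, it is an enum" above the `#if` would prevent that. A less fragile shape would select the error code into a local variable inside the conditional and then do a single `talloc_free(mem_ctx); return ret;`, so the free and the return cannot be separated by preprocessor state. The change touches only source4/kdc/db-glue.c; a regression test that performs PKINIT with a certificate whose principal does not match the requested one would keep this path covered.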
