Attachment 13308 Details for Bug 10490 – Possible patch for master

[patch] Possible patch for master

bug10490-01.patches.txt (text/plain), 1.23 KB, created by Stefan Metzmacher on 2017-06-24 11:50:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2017-06-24 11:50:16 UTC

Size: 1.23 KB

patch

obsolete

>From 130a755ebf98eeea3e2be4814997463775b5f8a3 Mon Sep 17 00:00:00 2001
>From: Michael Saxl <mike@mwsys.mine.bz>
>Date: Sat, 24 Jun 2017 13:41:48 +0200
>Subject: [PATCH] s3:gse_krb5: fix a possible crash in
> fill_mem_keytab_from_system_keytab()
>
>If the keytab file isn't readable, we may call
>krb5_kt_end_seq_get() with an invalid kt_cursor.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
>
>Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
>
>Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>---
> source3/librpc/crypto/gse_krb5.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
>index 703d1b4..4dd39ea 100644
>--- a/source3/librpc/crypto/gse_krb5.c
>+++ b/source3/librpc/crypto/gse_krb5.c
>@@ -437,6 +437,14 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
> 	if (ret) {
> 		DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n",
> 			  error_message(ret)));
>+		/*
>+		 * krb5_kt_start_seq_get() may leaves bogus data
>+		 * in kt_cursor. And we want to use the all_zero()
>+		 * logic below.
>+		 *
>+		 * See bug #10490
>+		 */
>+		ZERO_STRUCT(kt_cursor);
> 		goto out;
> 	}
> 
>-- 
>1.9.1
>

Actions: View

Attachments on bug 10490: 9867 | 9886 | 9887 | 9888 | 13308 | 13325 | 13326