Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
krb5
bug-806715-CVE-2013-1415-fix-PKINIT-null-pointe...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif of Package krb5
commit c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed Author: Xi Wang <xi.wang@gmail.com> Date: Thu Feb 14 18:17:40 2013 -0500 PKINIT null pointer deref [CVE-2013-1415] Don't dereference a null pointer when cleaning up. The KDC plugin for PKINIT can dereference a null pointer when a malformed packet causes processing to terminate early, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate or have observed a successful PKINIT authentication, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C This is a minimal commit for pullup; style fixes in a followup. [kaduk@mit.edu: reformat and edit commit message] ticket: 7570 (new) target_version: 1.11.1 tags: pullup --- krb5-1.7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-04-24 10:46:59.819058706 +0200 +++ krb5-1.7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2013-04-24 10:47:57.875487962 +0200 @@ -2787,7 +2787,7 @@ pkiDebug("found kdcPkId in AS REQ\n"); is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len); if (is == NULL) - goto cleanup; + return retval; status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer); if (!status) { @@ -2797,7 +2797,6 @@ } retval = 0; -cleanup: X509_NAME_free(is->issuer); ASN1_INTEGER_free(is->serial); free(is);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor