| author | Cy Schubert <cy@FreeBSD.org> | 2022-11-24 08:52:45 -0800 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2022-11-24 09:22:43 -0800 |
| commit | 8cafd5bc0d866a425eb883e00cef02df1ef31db4 (patch) | |
| tree | 2d3c44e6f0e072fc56a0cb04ab82cb569324653f /security/heimdal-devel/files | |
| parent | security/heimdal*: Fix NULL dereference when mangled realm message (diff) | |
security/heimdal*: Handle other types of garbage data
In addition to garbage realm data, also handle garbage dbname, acl_file,
stash_file, and invalid bitmask garbage data.
PR: 267912
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFH: 2022Q4
Diffstat (limited to 'security/heimdal-devel/files')
| -rw-r--r-- | security/heimdal-devel/files/patch-lib_kadm5_marshall.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c index 8cc79bafcc8c..8bc63095693f 100644 --- a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c +++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c @@ -1,7 +1,14 @@ --- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800 -+++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800 -@@ -465,8 +465,12 @@ ++++ lib/kadm5/marshall.c 2022-11-24 08:47:49.092069000 -0800 +@@ -463,10 +463,40 @@ + ret = krb5_ret_int32(sp, &mask); + if (ret) goto out; ++ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME ++ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { ++ ret = EINVAL; ++ goto out; ++ } params->mask = mask; - if(params->mask & KADM5_CONFIG_REALM) @@ -9,6 +16,27 @@ ret = krb5_ret_string(sp, ¶ms->realm); + if (params->realm == NULL) { + ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_DBNAME) { ++ ret = krb5_ret_string(sp, ¶ms->dbname); ++ if (params->dbname == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_ACL_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->acl_file); ++ if (params->acl_file == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_STASH_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->stash_file); ++ if (params->stash_file == NULL) { ++ ret = EINVAL; + } + } out: |
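Review bot: The mask test added after `krb5_ret_int32(sp, &mask)` ANDs the flag constants together (`mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE`), so if these are distinct single-bit flags (their definitions are not on this page) the expression is always zero and the `EINVAL` branch can never run. If the intent is to reject a peer-supplied mask that carries bits outside the supported set, the condition would be `if (mask & ~(KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_STASH_FILE))`. A short comment above it naming which bits are accepted from the wire would make that intent reviewable. The enclosing function starts and ends outside the hunk.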
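Review bot: The status returned by `krb5_ret_string()` is never tested in the new dbname, acl_file and stash_file branches; only the output pointer is compared with NULL. A decode failure is therefore caught only if that pointer is still NULL, which relies on `params` having been zeroed by code outside this hunk, and a non-zero `ret` with a non-NULL pointer would be overwritten by the next field's call. Testing the status first, `if (ret) goto out;`, and keeping the NULL comparison as a second guard would make the error path independent of that assumption. The stash_file branch also omits the `goto out;` that the other three have; this is harmless while `out:` follows directly, but it would fall through if another field were decoded after it.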
