security/heimdal*: Fix NULL dereference when mangled realm message

Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4
author: Cy Schubert <cy@FreeBSD.org> 2022-11-24 08:37:45 -0800
committer: Cy Schubert <cy@FreeBSD.org> 2022-11-24 09:22:01 -0800
commit: 678bdaf21b9a05d99e0aceecd414782926e57ae4 (patch)
tree: 50ffe45944b323a04a7208c8b590b39a6ec290cb /security/heimdal/files/patch-kadmin_server.c
parent: security/heimdal*: The version string must always contain a terminating NUL (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/security/heimdal/files/patch-kadmin_server.c b/security/heimdal/files/patch-kadmin_server.c
new file mode 100644
index 000000000000..d4a2439f3bdb
--- /dev/null
+++ b/security/heimdal/files/patch-kadmin_server.c
@@ -0,0 +1,13 @@
+--- kadmin/server.c.orig	2022-09-15 16:54:19.000000000 -0700
++++ kadmin/server.c	2022-11-24 08:26:55.919761000 -0800
+@@ -787,7 +787,9 @@
+ 	ret = krb5_read_priv_message(contextp, ac, &fd, &params);
+ 	if(ret)
+ 	    krb5_err(contextp, 1, ret, "krb5_read_priv_message");
+-	_kadm5_unmarshal_params(contextp, &params, &realm_params);
++	ret = _kadm5_unmarshal_params(contextp, &params, &realm_params);
++	if(ret)
++	    krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params");
+     }
+ 
+     initial = ticket->ticket.flags.initial;
author	Cy Schubert <cy@FreeBSD.org>	2022-11-24 08:37:45 -0800
committer	Cy Schubert <cy@FreeBSD.org>	2022-11-24 09:22:01 -0800
commit	678bdaf21b9a05d99e0aceecd414782926e57ae4 (patch)
tree	50ffe45944b323a04a7208c8b590b39a6ec290cb /security/heimdal/files/patch-kadmin_server.c
parent	security/heimdal*: The version string must always contain a terminating NUL (diff)