RT RT/krbdev.mit.edu: Ticket #8620 Length check when parsing GSS token encapsulation Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
8620
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.15.3
  • 1.14.7
  • 1.16
Target_Version
  • 1.14-next
  • 1.15-next
  • 1.16
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Tue Nov 21 15:06:17 2017
Starts: Not set
Started: Tue Nov 21 15:06:18 2017
Last Contact: Not set
Due: Not set
Updated: Wed Nov 22 13:11:51 2017 by ghudson
 

 People  
Owner
 ghudson
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Tue Nov 21 15:06:17 2017  ghudson - Ticket created    
     
From: ghudson@mit.edu
Subject: git commit


Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

https://github.com/krb5/krb5/commit/f949e990f930f48df1f108fe311c58ae3da18b24
Author: Greg Hudson <ghudson@mit.edu>
Commit: f949e990f930f48df1f108fe311c58ae3da18b24
Branch: master
 src/lib/gssapi/mechglue/g_glue.c |   20 +++++++++----
 src/tests/gssapi/t_invalid.c     |   57 ++++++++++++++++++++++++++++++++++---
 2 files changed, 66 insertions(+), 11 deletions(-)


Download (untitled) 709b
      Tue Nov 21 15:06:18 2017  ghudson - Tags pullup added    
      Tue Nov 21 15:06:18 2017  ghudson - Requestor ghudson@mit.edu added    
      Tue Nov 21 15:06:18 2017  ghudson - Target_Version 1.16 added    
      Tue Nov 21 15:06:18 2017  ghudson - Target_Version 1.15-next added    
      Tue Nov 21 15:06:18 2017  ghudson - Target_Version 1.14-next added    
      Tue Nov 21 15:06:18 2017  ghudson - Status changed from new to resolved    
      Wed Nov 22 13:11:01 2017  ghudson - Version_Fixed 1.15.3 added    
      Wed Nov 22 13:11:01 2017  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: git commit


Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/674ae7b9c013ef9d433345ce93d6fe37e3febda0
Author: Greg Hudson <ghudson@mit.edu>
Commit: 674ae7b9c013ef9d433345ce93d6fe37e3febda0
Branch: krb5-1.15
 src/lib/gssapi/mechglue/g_glue.c |   20 +++++++++----
 src/tests/gssapi/t_invalid.c     |   57 ++++++++++++++++++++++++++++++++++---
 2 files changed, 66 insertions(+), 11 deletions(-)


Download (untitled) 782b
      Wed Nov 22 13:11:09 2017  ghudson - Version_Fixed 1.14.7 added    
      Wed Nov 22 13:11:09 2017  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: git commit


Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/b70ef60b1290ff6b6a028ac51ee761222e083720
Author: Greg Hudson <ghudson@mit.edu>
Commit: b70ef60b1290ff6b6a028ac51ee761222e083720
Branch: krb5-1.14
 src/lib/gssapi/mechglue/g_glue.c |   20 +++++++++----
 src/tests/gssapi/t_invalid.c     |   57 ++++++++++++++++++++++++++++++++++---
 2 files changed, 66 insertions(+), 11 deletions(-)


Download (untitled) 782b
      Wed Nov 22 13:11:19 2017  ghudson - Version_Fixed 1.16 added    
      Wed Nov 22 13:11:19 2017  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: git commit


Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token.  Without length checking, it
might read a few bytes past the end of the input token buffer.  Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/8a49abbbdd23f0eb77d7258676ecb8fd93454a25
Author: Greg Hudson <ghudson@mit.edu>
Commit: 8a49abbbdd23f0eb77d7258676ecb8fd93454a25
Branch: krb5-1.16
 src/lib/gssapi/mechglue/g_glue.c |   20 +++++++++----
 src/tests/gssapi/t_invalid.c     |   57 ++++++++++++++++++++++++++++++++++---
 2 files changed, 66 insertions(+), 11 deletions(-)


Download (untitled) 782b
      Wed Nov 22 13:11:51 2017  ghudson - Keyword pullup deleted