| |
|
From krb5-bugs-incoming-bounces@PCH.MIT.EDU Tue Apr 24 12:15:44 2007
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with
ESMTP
id l3OGFiL8014754; Tue, 24 Apr 2007 12:15:44 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l3OGFdik011398;
Tue, 24 Apr 2007 12:15:39 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l3OG9riI008757
for <krb5-bugs-incoming@PCH.mit.edu>; Tue, 24 Apr 2007 12:09:53 -0400
Received: from mit.edu (W92-130-BARRACUDA-2.MIT.EDU [18.7.21.223])
by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
l3OG9oCe003045
for <krb5-bugs@mit.edu>; Tue, 24 Apr 2007 12:09:50 -0400 (EDT)
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
by mit.edu (Spam Firewall) with ESMTP id 8EA9F23F8A3
for <krb5-bugs@mit.edu>; Tue, 24 Apr 2007 12:09:49 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
[172.16.52.254])
by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l3OG9mfG026477
for <krb5-bugs@mit.edu>; Tue, 24 Apr 2007 12:09:48 -0400
Received: from rapier.boston.redhat.com (rapier.boston.redhat.com
[172.16.80.53])
by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l3OG9mXG032701
for <krb5-bugs@mit.edu>; Tue, 24 Apr 2007 12:09:48 -0400
Received: from rapier.boston.redhat.com (localhost.localdomain [127.0.0.1])
by rapier.boston.redhat.com (8.14.1/8.14.0) with ESMTP id
l3OG9lqZ004011
for <krb5-bugs@mit.edu>; Tue, 24 Apr 2007 12:09:47 -0400
Received: (from nalin@localhost)
by rapier.boston.redhat.com (8.14.1/8.14.1/Submit) id l3OG9lVm004010;
Tue, 24 Apr 2007 12:09:47 -0400
Date: Tue, 24 Apr 2007 12:09:47 -0400
Message-Id: <200704241609.l3OG9lVm004010@rapier.boston.redhat.com>
To: krb5-bugs@mit.edu
From: Nalin Dahyabhai <nalin@redhat.com>
X-send-pr-version: 3.99
X-Spam-Score: 0.95
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Tue, 24 Apr 2007 12:12:38 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: Nalin Dahyabhai <nalin@redhat.com>
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU
>Submitter-Id: net
>Originator:
>Organization:
>Confidential: no
>Synopsis: uninitialized salt length when reading some keys
>Severity: non-critical
>Priority: medium
>Category: krb5-kdc
>Class: sw-bug
>Release: 1.6
>Environment:
System: Linux rapier.boston.redhat.com 2.6.20-1.3079.fc7 #1 SMP Mon Apr 16 20:05:15
EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
When reading a key from the realm database, the ldap plugin doesn't
initialize the length of the salt when there is a salt but none was
stored. This causes a potential crash any time the corresponding
key is copied.
>How-To-Repeat:
Create an entry in the database with a salt type but no explictly-
stored salt. Attempt to read it back using the "getprinc" command
using kadmin.local.
>Fix:
This patch:
Index: src/lib/krb5/asn.1/ldap_key_seq.c
===================================================================
--- src/lib/krb5/asn.1/ldap_key_seq.c (revision 19525)
+++ src/lib/krb5/asn.1/ldap_key_seq.c (working copy)
@@ -341,7 +341,8 @@
if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */
ret = decode_tagged_octetstring (&slt, 1, &keylen,
&key->key_data_contents[1]); checkerr;
- }
+ } else
+ keylen = 0;
safe_syncbuf (&subbuf, &slt);
key->key_data_length[1] = keylen; /* XXX range check?? */
|
Download (untitled) 3.5k
|
