Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: SVN Commit X-RT-Original-Encoding: iso-8859-1 Content-Length: 848 Null pointer deref in kadmind [CVE-2012-1013] The fix for #6626 could cause kadmind to dereference a null pointer if a create-principal request contains no password but does contain the KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix name"). Only clients authorized to create principals can trigger the bug. Fix the bug by testing for a null password in check_1_6_dummy. CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C [ghudson@mit.edu: Minor style change and commit message] (cherry picked from commit c5be6209311d4a8f10fda37d0d3f876c1b33b77b) https://github.com/krb5/krb5/commit/0b11a472cf0e83972228ad9ca6ee645e4ffd4c24 Author: Tom Yu Commit: 0b11a472cf0e83972228ad9ca6ee645e4ffd4c24 Branch: krb5-1.8 src/lib/kadm5/srv/svr_principal.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)