Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: git commit X-RT-Original-Encoding: iso-8859-1 Content-Length: 670 Fix kadmind server validation [CVE-2014-9422] [MITKRB5-SA-2015-001] In kadmind's check_rpcsec_auth(), use data_eq_string() instead of strncmp() to check components of the server principal, so that we don't erroneously match left substrings of "kadmin", "history", or the realm. (cherry picked from commit 6609658db0799053fbef0d7d0aa2f1fd68ef32d8) https://github.com/krb5/krb5/commit/5c78bb806338b0feb90f46459834310adf5be00f Author: Greg Hudson Committer: Tom Yu Commit: 5c78bb806338b0feb90f46459834310adf5be00f Branch: krb5-1.12 src/kadmin/server/kadm_rpc_svc.c | 12 +++--------- 1 files changed, 3 insertions(+), 9 deletions(-)