From: ghudson@mit.edu
Subject: git commit

Fix krb5 gss_acquire_cred_impersonate_name crash

If gss_acquire_cred_impersonate_name is called using an
impersonator_cred_handle acquired with GSS_C_ACCEPT, we could
dereference null fields of the cred handle and crash. Fix this by
checking the impersonator_cred_handle usage and returning
GSS_S_NO_CRED if it isn't what we expect, just as we do in
init_sec_context.

Based on a patch from Solly Ross <sross@redhat.com>.

https://github.com/krb5/krb5/commit/17689700b27c6fb6d26156330d11b57ef79385d3
Author: Greg Hudson <ghudson@mit.edu>
Commit: 17689700b27c6fb6d26156330d11b57ef79385d3
Branch: master
src/lib/gssapi/krb5/s4u_gss_glue.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Fix krb5 gss_acquire_cred_impersonate_name crash

If gss_acquire_cred_impersonate_name is called using an
impersonator_cred_handle acquired with GSS_C_ACCEPT, we could
dereference null fields of the cred handle and crash. Fix this by
checking the impersonator_cred_handle usage and returning
GSS_S_NO_CRED if it isn't what we expect, just as we do in
init_sec_context.

Based on a patch from Solly Ross <sross@redhat.com>.

(cherry picked from commit 17689700b27c6fb6d26156330d11b57ef79385d3)

https://github.com/krb5/krb5/commit/3b30c09bf48b9a2ec943e43573a882b1f0f545d2
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 3b30c09bf48b9a2ec943e43573a882b1f0f545d2
Branch: krb5-1.13
src/lib/gssapi/krb5/s4u_gss_glue.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
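
The usage check described in the commit messages above, shown as an added self-contained model rather than the krb5 source: `struct model_cred`, its field names and `model_impersonate` are hypothetical, and the sample credentials are constructed. Only the `GSS_C_*` and `GSS_S_*` values are the standard GSS-API ones.

```c
#include <stddef.h>
#include <string.h>

/* Values as defined by the GSS-API C bindings (RFC 2744). */
#define GSS_C_BOTH      0
#define GSS_C_INITIATE  1
#define GSS_C_ACCEPT    2
#define GSS_S_COMPLETE  0u
#define GSS_S_NO_CRED   (7u << 16)

/* Hypothetical, simplified credential. Assumption of this model: a cred
 * acquired for accepting only leaves its initiator fields NULL. */
struct model_cred {
    int usage;
    const char *ccache;   /* initiator field, may be NULL */
    const char *name;     /* initiator field, may be NULL */
    const char *keytab;   /* acceptor field, may be NULL */
};

/* Model of an impersonation entry point. It needs the initiator fields,
 * so it rejects any cred whose usage is not INITIATE or BOTH before it
 * reads them, and reports GSS_S_NO_CRED instead of crashing. */
unsigned int model_impersonate(const struct model_cred *imp,
                               const char *user, size_t *needed_out)
{
    if (imp == NULL)
        return GSS_S_NO_CRED;
    if (imp->usage != GSS_C_INITIATE && imp->usage != GSS_C_BOTH)
        return GSS_S_NO_CRED;   /* without this, strlen(NULL) below */
    if (imp->ccache == NULL || imp->name == NULL)
        return GSS_S_NO_CRED;   /* defence in depth for a malformed cred */
    *needed_out = strlen(imp->name) + strlen(user) + strlen(imp->ccache);
    return GSS_S_COMPLETE;
}

int main(void)
{
    /* Constructed sample credentials. */
    struct model_cred acc = { GSS_C_ACCEPT, NULL, NULL, "FILE:/tmp/model.keytab" };
    struct model_cred ini = { GSS_C_INITIATE, "MEMORY:svc", "svc@EXAMPLE.COM", NULL };
    size_t n = 0;

    if (model_impersonate(&acc, "alice@EXAMPLE.COM", &n) != GSS_S_NO_CRED)
        return 1;
    return model_impersonate(&ini, "alice@EXAMPLE.COM", &n) == GSS_S_COMPLETE ? 0 : 1;
}
```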