Skip Menu |
 

From: Павел Крайнов <kraynopp@gmail.com>
Date: Thu, 12 Oct 2017 21:00:17 +0300
Subject: Bug in PKINIT
To: krb5-bugs@mit.edu
Hi,

In file \src\plugins\preauth\pkinit\pkinit_crypto_openssl.h I have found constant:

#define DN_BUF_LEN  256

So, the size of DN is limited by 256 bytes. It is very small and can be easily overflowed, especially if DN contains utf8-encoded CN/O/OU.
In this case PKINIT failed with error 'stack smashing detected'.

Please, consider to increase DN_BUF_LEN or use dynamic memory allocation for DN buffer.
From: ghudson@mit.edu
Subject: git commit

Fix PKINIT cert matching data construction

Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.

https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
Author: Greg Hudson <ghudson@mit.edu>
Commit: fbb687db1088ddd894d975996e5f6a4252b9a2b4
Branch: master
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 67 +++++++------------
1 files changed, 25 insertions(+), 42 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix PKINIT cert matching data construction

Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.

(cherry picked from commit fbb687db1088ddd894d975996e5f6a4252b9a2b4)

https://github.com/krb5/krb5/commit/f36ae41714f669e971e9334fe471f8a924386cc6
Author: Greg Hudson <ghudson@mit.edu>
Commit: f36ae41714f669e971e9334fe471f8a924386cc6
Branch: krb5-1.15
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 69 ++++++++------------
1 files changed, 27 insertions(+), 42 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix PKINIT cert matching data construction

Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.

(cherry picked from commit fbb687db1088ddd894d975996e5f6a4252b9a2b4)

https://github.com/krb5/krb5/commit/5bae4fe119e22accab3d9045a9524530995596e9
Author: Greg Hudson <ghudson@mit.edu>
Commit: 5bae4fe119e22accab3d9045a9524530995596e9
Branch: krb5-1.14
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 69 ++++++++------------
1 files changed, 27 insertions(+), 42 deletions(-)