From: ghudson@mit.edu
Subject: git commit

Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

https://github.com/krb5/krb5/commit/f949e990f930f48df1f108fe311c58ae3da18b24
Author: Greg Hudson <ghudson@mit.edu>
Commit: f949e990f930f48df1f108fe311c58ae3da18b24
Branch: master
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/674ae7b9c013ef9d433345ce93d6fe37e3febda0
Author: Greg Hudson <ghudson@mit.edu>
Commit: 674ae7b9c013ef9d433345ce93d6fe37e3febda0
Branch: krb5-1.15
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/b70ef60b1290ff6b6a028ac51ee761222e083720
Author: Greg Hudson <ghudson@mit.edu>
Commit: b70ef60b1290ff6b6a028ac51ee761222e083720
Branch: krb5-1.14
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Length check when parsing GSS token encapsulation

gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.

(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)

https://github.com/krb5/krb5/commit/8a49abbbdd23f0eb77d7258676ecb8fd93454a25
Author: Greg Hudson <ghudson@mit.edu>
Commit: 8a49abbbdd23f0eb77d7258676ecb8fd93454a25
Branch: krb5-1.16
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)
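
The length checking these commit messages describe, shown as an added example that is not the krb5 code and not part of the original messages: a bounds-checked parser for the initial-token framing of RFC 2743 section 3.1 (0x60 tag, DER length, 0x06 tag, OID length, OID bytes). The function names and the sample token are constructed for illustration, and the checks here may be stricter than those in the actual fix.

```c
#include <stddef.h>

/* Constructed sample: 0x60, body length 11, OID tag 0x06, OID length 9,
 * then the krb5 mechanism OID 1.2.840.113554.1.2.2. */
static const unsigned char sample_token[] = {
    0x60, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
};

/* Hypothetical parser: returns 0 and sets *oid and *oid_len, or -1 when the
 * framing is malformed or any field would extend past buf[len - 1]. */
int parse_mech_oid(const unsigned char *buf, size_t len,
                   const unsigned char **oid, size_t *oid_len)
{
    size_t pos = 0, end, body, n;

    if (buf == NULL || len < 2 || buf[pos++] != 0x60)
        return -1;
    body = buf[pos++];
    if (body & 0x80) {              /* long form: low 7 bits count length octets */
        n = body & 0x7f;
        if (n == 0 || n > 4 || n > len - pos)
            return -1;
        for (body = 0; n > 0; n--)
            body = (body << 8) | buf[pos++];
    }
    if (body > len - pos)           /* declared body must fit in the input */
        return -1;
    end = pos + body;
    if (end - pos < 2 || buf[pos++] != 0x06)
        return -1;
    n = buf[pos++];                 /* OID length, short form only */
    if (n == 0 || n >= 0x80 || n > end - pos)
        return -1;
    *oid = buf + pos;
    *oid_len = n;
    return 0;
}

/* Count the strict prefixes of sample_token that parse; a correct check gives 0. */
int accepted_truncations(void)
{
    const unsigned char *oid;
    size_t i, oid_len;
    int accepted = 0;

    for (i = 0; i < sizeof(sample_token); i++)
        accepted += (parse_mech_oid(sample_token, i, &oid, &oid_len) == 0);
    return accepted;
}
```

Running every strict prefix of a valid token through the parser, as `accepted_truncations()` does, is the same kind of truncated-encapsulation test the commit message mentions.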