[krbdev.mit.edu #8620] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed Nov 22 13:11:01 EST 2017
Length check when parsing GSS token encapsulation
gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.
(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)
https://github.com/krb5/krb5/commit/674ae7b9c013ef9d433345ce93d6fe37e3febda0
Author: Greg Hudson <ghudson at mit.edu>
Commit: 674ae7b9c013ef9d433345ce93d6fe37e3febda0
Branch: krb5-1.15
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)
More information about the krb5-bugs
mailing list