[krbdev.mit.edu #7152] RE: krb5-1.10.1 - SIGSEGV (kadmin.local)

Richard Basch via RT rt-comment at krbdev.mit.edu
Tue May 29 13:52:09 EDT 2012


I suspect this bug can also be exploited remotely to crash kadmind.

 

From: Richard Basch [mailto:basch at alum.mit.edu] 
Sent: Monday, May 28, 2012 11:59 PM
To: 'krb5-bugs at mit.edu'; 'krbdev at mit.edu'
Subject: krb5-1.10.1 - SIGSEGV (kadmin.local)

 

The following will cause a SIGSEGV:

 

cat <<EOF | kadmin.local
addprinc -randkey -policy local -allow_tix -allow_tgs_req test/foo
EOF

 

The following is the offending code which is causing the issue (and the fix
is simply not to dereference a null pointer):

 

diff -ru src.orig/lib/kadm5/srv/svr_principal.c
src/lib/kadm5/srv/svr_principal.c

--- src.orig/lib/kadm5/srv/svr_principal.c      2011-09-21
12:29:00.000000000 -0400

+++ src/lib/kadm5/srv/svr_principal.c   2012-05-28 23:49:10.000000000 -0400

@@ -187,7 +187,7 @@

     char *password = *passptr;

 

     /* Old-style randkey operations disallowed tickets to start. */

-    if (!(mask & KADM5_ATTRIBUTES) ||

+    if (!password || !(mask & KADM5_ATTRIBUTES) ||

         !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX))

         return;
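
Review bot: The added `!password` test in the `if` condition stops the crash by returning early, but the comment above it still describes only the old-style randkey case and does not say that `password` can be NULL here. Please extend the comment to state when `*passptr` is NULL (the reproducer uses `addprinc -randkey`) and why skipping the rest of the function is the correct behaviour in that case, rather than just a way to avoid the dereference. Since the thread raises the possibility that kadmind is reachable by the same path, a regression test that runs the reported `addprinc -randkey -policy local -allow_tix -allow_tgs_req` request would be worth adding with this change.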

 



