[krbdev.mit.edu #8620] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Nov 21 15:06:18 EST 2017
Length check when parsing GSS token encapsulation
gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.
https://github.com/krb5/krb5/commit/f949e990f930f48df1f108fe311c58ae3da18b24
Author: Greg Hudson <ghudson at mit.edu>
Commit: f949e990f930f48df1f108fe311c58ae3da18b24
Branch: master
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)
More information about the krb5-bugs
mailing list