svn rev #22516: trunk/src/plugins/preauth/pkinit/
ghudson@MIT.EDU
ghudson at MIT.EDU
Mon Aug 10 15:12:47 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22516
Commit By: ghudson
Log Message:
ticket: 6542
subject: Check for null characters in pkinit cert fields
tags: pullup
target_version: 1.7
When processing DNS names or MS UPNs in pkinit certs, disallow
embedded null characters.
Changed Files:
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-08-10 05:26:05 UTC (rev 22515)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-08-10 19:12:47 UTC (rev 22516)
@@ -1761,6 +1761,9 @@
} else if (upns != NULL
&& OBJ_cmp(plgctx->id_ms_san_upn,
gen->d.otherName->type_id) == 0) {
+ /* Prevent abuse of embedded null characters. */
+ if (memchr(name.data, '\0', name.length))
+ break;
ret = krb5_parse_name(context, name.data, &upns[u]);
if (ret) {
pkiDebug("%s: failed parsing ms-upn san value\n",
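Review bot: The new `break` in the ms-upn branch drops the SAN silently, while the `krb5_parse_name` failure path directly below it reports through `pkiDebug`. Someone debugging a rejected certificate gets no indication that an embedded null was the reason. Suggest adding a `pkiDebug` call before the `break` that reports `name.length` rather than printing `name.data` with `%s`, since the string would be cut at the first null. The comment could also say what the abuse is: `krb5_parse_name` takes a C string, so it would only see the bytes before the null.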
@@ -1778,6 +1781,10 @@
break;
case GEN_DNS:
if (dnss != NULL) {
+ /* Prevent abuse of embedded null characters. */
+ if (memchr(gen->d.dNSName->data, '\0',
+ gen->d.dNSName->length))
+ break;
pkiDebug("%s: found dns name = %s\n",
__FUNCTION__, gen->d.dNSName->data);
dnss[d] = (unsigned char *)
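Review bot: In the `GEN_DNS` case the check correctly sits ahead of the `pkiDebug` that prints `gen->d.dNSName->data` with `%s`, but the rejection itself leaves no trace: the `break` skips the entry without logging and without setting an error. Suggest logging the skipped dNSName (its length, not its contents), and stating in the comment whether ignoring the entry, rather than failing the whole certificate, is the intended policy. The same `memchr` test and comment now appear in both hunks, so a small shared helper would keep the two paths consistent.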