svn rev #22811: branches/krb5-1-7/src/plugins/preauth/pkinit/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Sep 28 21:38:49 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22811
Commit By: tlyu
Log Message:
ticket: 6542
version_fixed: 1.7.1
status: resolved

pull up r22516 from trunk
 ------------------------------------------------------------------------
 r22516 | ghudson | 2009-08-10 15:12:47 -0400 (Mon, 10 Aug 2009) | 8 lines

 ticket: 6542
 subject: Check for null characters in pkinit cert fields
 tags: pullup
 target_version: 1.7

 When processing DNS names or MS UPNs in pkinit certs, disallow
 embedded null characters.


Changed Files:
U   branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2009-09-29 01:12:42 UTC (rev 22810)
+++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2009-09-29 01:38:48 UTC (rev 22811)
@@ -1761,6 +1761,9 @@
 		} else if (upns != NULL
 			   && OBJ_cmp(plgctx->id_ms_san_upn,
 				      gen->d.otherName->type_id) == 0) {
+		    /* Prevent abuse of embedded null characters. */
+		    if (memchr(name.data, '\0', name.length))
+			break;
 		    ret = krb5_parse_name(context, name.data, &upns[u]);
 		    if (ret) {
 			pkiDebug("%s: failed parsing ms-upn san value\n",
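Review bot: The new break in the ms-upn branch drops the SAN silently, while the krb5_parse_name() failure path directly below it reports through pkiDebug(). Add a pkiDebug() line before the break so that a UPN skipped for an embedded null can be told apart in debug output from a certificate that carries no UPN at all. The comment could also give the reason for the check: krb5_parse_name() is passed name.data without name.length, so it would stop at the first null and parse only the prefix.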
@@ -1778,6 +1781,10 @@
 		break;
 	    case GEN_DNS:
 		if (dnss != NULL) {
+		    /* Prevent abuse of embedded null characters. */
+		    if (memchr(gen->d.dNSName->data, '\0',
+			       gen->d.dNSName->length))
+			break;
 		    pkiDebug("%s: found dns name = %s\n",
 			     __FUNCTION__, gen->d.dNSName->data);
 		    dnss[d] = (unsigned char *)
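Review bot: The GEN_DNS check repeats the memchr() test and its comment from the ms-upn branch with a different data/length pair; a small helper taking a pointer and a length would keep the two call sites from drifting apart. As in the UPN case, the break skips the entry with no pkiDebug() output, although the next statement logs every accepted name, so a skipped dNSName leaves no trace in debug output. Since the break leaves only this case, a comment on whether the remaining SAN entries are meant to be processed after such a name is found would also help.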



