krb5 commit: Add test case for CVE-2013-1416
Tom Yu
tlyu at MIT.EDU
Thu May 9 18:17:12 EDT 2013
https://github.com/krb5/krb5/commit/ab8aa580737d0283bf7cc1f71fa8d692a2ddd75c
commit ab8aa580737d0283bf7cc1f71fa8d692a2ddd75c
Author: Tom Yu <tlyu at mit.edu>
Date: Thu May 9 16:51:31 2013 -0400
Add test case for CVE-2013-1416
ticket: 7635 (new)
src/tests/Makefile.in | 1 +
src/tests/t_cve-2013-1416.py | 15 +++++++++++++++
2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 55a3237..23684c0 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -101,6 +101,7 @@ check-pytests:: gcred hist kdbtest t_localauth
$(RUNPYTEST) $(srcdir)/t_kdb.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_cve-2012-1014.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
clean::
$(RM) gcred hist kdbtest krb5.conf kdc.conf t_localauth
diff --git a/src/tests/t_cve-2013-1416.py b/src/tests/t_cve-2013-1416.py
new file mode 100644
index 0000000..94fb6d5
--- /dev/null
+++ b/src/tests/t_cve-2013-1416.py
@@ -0,0 +1,15 @@
+#!/usr/bin/python
+
+from k5test import *
+
+realm = K5Realm()
+
+# CVE-2013-1416 KDC dereferences null pointer
+
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, '/test'], expected_code=1)
+realm.run([kvno, 'test/'], expected_code=1)
+realm.run([kvno, '/'], expected_code=1)
+# Make sure KDC is still running.
+realm.kinit(realm.user_princ, password('user'))
+success('CVE-2013-1416 regression test')
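Review bot: The three `kvno` calls with `expected_code=1` do not by themselves detect the crash, since `kvno` would presumably also exit non-zero if the KDC had died and could not be reached; the only line that catches a regression is the final `realm.kinit`. The header comment `# CVE-2013-1416 KDC dereferences null pointer` should say this and explain the inputs, for example `# Service names with an empty component ('/test', 'test/', '/') must be rejected without crashing the KDC; kvno fails either way, so the kinit below is the real check.` Because all three requests are sent before the liveness check, a failure will not show which name took the KDC down. If that matters for triage, a `realm.kinit` after each `kvno` would narrow it.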