krb5 commit: Fix uncommon null dereference in PKINIT client
Greg Hudson
ghudson at mit.edu
Mon Jul 6 15:56:45 EDT 2015
https://github.com/krb5/krb5/commit/47b37b9e13ca1456ba6710f31bc41012d050dd07
commit 47b37b9e13ca1456ba6710f31bc41012d050dd07
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Jul 3 19:34:46 2015 -0400
Fix uncommon null dereference in PKINIT client
crypto_retrieve_cert_sans() is allowed to set its princs output to
NULL, although the OpenSSL implementation rarely does. Fix the
TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC for loop to allow this like other
parts of the function do, and also get rid of the unnecessary princptr
variable by using an integer index like other parts of the function.
Based on a patch from Daniel Deptula.
ticket: 8214 (new)
target_version: 1.13.3
tags: pullup
src/plugins/preauth/pkinit/pkinit_clnt.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 61dc1de..e73ad53 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -466,7 +466,7 @@ verify_kdc_san(krb5_context context,
{
krb5_error_code retval;
char **certhosts = NULL, **cfghosts = NULL, **hostptr;
- krb5_principal *princs = NULL, *princptr;
+ krb5_principal *princs = NULL;
unsigned char ***get_dns;
int i, j;
@@ -498,8 +498,8 @@ verify_kdc_san(krb5_context context,
retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
goto out;
}
- for (princptr = princs; *princptr != NULL; princptr++)
- TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, *princptr);
+ for (i = 0; princs != NULL && princs[i] != NULL; i++)
+ TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, princs[i]);
if (certhosts != NULL) {
for (hostptr = certhosts; *hostptr != NULL; hostptr++)
TRACE_PKINIT_CLIENT_SAN_KDCCERT_DNSNAME(context, *hostptr);
More information about the cvs-krb5
mailing list