krb5 commit: Fix multiple UPN handling in PKINIT client certs
Greg Hudson
ghudson at mit.edu
Wed Apr 7 16:53:03 EDT 2021
https://github.com/krb5/krb5/commit/4e325cadee4f5511e494f0b4fd9faeb24e7b7c08
commit 4e325cadee4f5511e494f0b4fd9faeb24e7b7c08
Author: Ken Hornstein <kenh at cmf.nrl.navy.mil>
Date: Wed Mar 17 17:44:46 2021 -0400
Fix multiple UPN handling in PKINIT client certs
Commit 0f26c1c7504777d6e7bfa1d3dee575c504ab6c05 neglected to increment
the array index when storing UPN strings. Also remove the unused
num_found variable.
[ghudson at mit.edu: pulled from a larger commit; added removal of
num_found; wrote commit message]
ticket: 9000 (new)
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index fbbdab5..2639104 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1964,7 +1964,7 @@ crypto_retrieve_X509_sans(krb5_context context,
krb5_principal *princs = NULL;
char **upns = NULL;
unsigned char **dnss = NULL;
- unsigned int i, num_found = 0, num_sans = 0;
+ unsigned int i, num_sans = 0;
X509_EXTENSION *ext = NULL;
GENERAL_NAMES *ialt = NULL;
GENERAL_NAME *gen = NULL;
@@ -2047,7 +2047,6 @@ crypto_retrieve_X509_sans(krb5_context context,
__FUNCTION__);
} else {
p++;
- num_found++;
}
} else if (upns != NULL &&
OBJ_cmp(plgctx->id_ms_san_upn,
@@ -2058,6 +2057,7 @@ crypto_retrieve_X509_sans(krb5_context context,
upns[u] = k5memdup0(name.data, name.length, &ret);
if (upns[u] == NULL)
goto cleanup;
+ u++;
} else {
pkiDebug("%s: unrecognized othername oid in SAN\n",
__FUNCTION__);
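Review bot: Now that `u++` advances the index, each `upns[u]` store relies on the array having room for every UPN SAN plus a terminating NULL. That allocation is outside this hunk, so it is worth confirming `upns` has at least num_sans + 1 zeroed entries. Separately, `k5memdup0(name.data, name.length, &ret)` copies the raw SAN bytes and appends a terminator, so a value with an embedded NUL byte would look to later C-string comparisons like a shorter UPN than the certificate actually carries. A guard before the copy, such as `if (memchr(name.data, '\0', name.length) != NULL)` followed by a pkiDebug message and a skip as in the neighbouring branches, would reject such names. The enclosing loop and function begin and end outside the hunk, so the exact skip mechanism needs checking against the full body.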
@@ -2079,7 +2079,6 @@ crypto_retrieve_X509_sans(krb5_context context,
__FUNCTION__);
} else {
d++;
- num_found++;
}
}
break;