[krbdev.mit.edu #2545] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri Apr 27 13:04:26 EDT 2012
Ensure null termination of AFS salts
Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or
pa-afs3-salt value in pa_salt(). If it's an afs3-salt, we're going to
throw away the length and use strcspn in krb5int_des_string_to_key,
which isn't safe if the value is unterminated.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25833
Commit By: ghudson
Revision: 25833
Changed Files:
U trunk/src/lib/krb5/krb/preauth2.c
More information about the krb5-bugs
mailing list