[krbdev.mit.edu #7912] git commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Fri Jun 27 12:34:51 EDT 2014


Fix invalid JSON handling in KDC OTP module

If the OTP configuration for a principal contains invalid JSON, the
KDC OTP module calls k5_json_get_tid on a null pointer, causing the
KDC process to crash.  Fix this bug by checking the return value of
k5_json_decode in decode_config_json.

(cherry picked from commit dab1c234e15afdc64dfe776bdbc65bbc17d07e12)

https://github.com/krb5/krb5/commit/e52d893ec6701006bbf390856bf94bfe8da7c483
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: e52d893ec6701006bbf390856bf94bfe8da7c483
Branch: krb5-1.12
 src/plugins/preauth/otp/otp_state.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
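
The failure mode the commit message describes, shown as an added example that is not code from the krb5 commit or the krb5 project. The toy_* names, the two decode_config_* helpers and the sample strings are hypothetical stand-ins for the k5_json API; the only assumption is a decoder that returns an error and leaves its output NULL on invalid input.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical stand-ins for a JSON value and decoder; NOT the krb5 k5_json API. */
typedef struct { int tid; } toy_value;
enum { TOY_TID_ARRAY = 1 };

/* Constructed sample configurations. */
static const char GOOD_CFG[] = "[{\"type\": \"mytoken\"}]";
static const char BAD_CFG[] = "[{\"type\": ";          /* truncated: invalid */

/* Toy decoder: accepts "[...]" only; on failure returns EINVAL, *out stays NULL. */
static int toy_decode(const char *s, toy_value **out)
{
    static toy_value array = { TOY_TID_ARRAY };
    size_t len = strlen(s);
    *out = NULL;
    if (len < 2 || s[0] != '[' || s[len - 1] != ']')
        return EINVAL;
    *out = &array;
    return 0;
}

/* Type-id accessor that dereferences its argument without a NULL check. */
static int toy_get_tid(const toy_value *v) { return v->tid; }

/* Pre-fix pattern: decoder result ignored, so invalid input reaches the
 * accessor as NULL and the process crashes.  Safe only with valid input. */
static int decode_config_unchecked(const char *s, toy_value **out)
{
    (void)toy_decode(s, out);
    return (toy_get_tid(*out) == TOY_TID_ARRAY) ? 0 : EINVAL;
}

/* Fixed pattern: return the decoder's error before touching the value. */
static int decode_config_checked(const char *s, toy_value **out)
{
    int ret = toy_decode(s, out);
    if (ret != 0)
        return ret;
    return (toy_get_tid(*out) == TOY_TID_ARRAY) ? 0 : EINVAL;
}

int main(void)
{
    toy_value *v;
    int ok = decode_config_unchecked(GOOD_CFG, &v) == 0 &&
             decode_config_checked(BAD_CFG, &v) == EINVAL && v == NULL;
    return ok ? 0 : 1;
}
```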


