[krbdev.mit.edu #7881] git commit

Tom Yu via RT rt-comment at krbdev.mit.edu
Tue Mar 18 17:42:56 EDT 2014


Fix returning KDB_NOENTRY in find_alternate_tgs()

After searching for a cross-realm TGS entry to provide to a client as a
referral, if we're all set to return a success code but aren't actually
returning an entry, we should be returning an error.  We might not do so
because we don't compare the right value against NULL.

This corrects an error in a redundant check in the patch for
CVE-2013-1417.  The error in the check cannot occur in practice
because the other part of the patch for CVE-2013-1417 prevents it, but
static analyzers can flag the erroneous check.

[tlyu at mit.edu: edit commit message]

https://github.com/krb5/krb5/commit/90cbf4eb60d8ec3c083195ba4a050a31ea36be0b
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 90cbf4eb60d8ec3c083195ba4a050a31ea36be0b
Branch: master
 src/kdc/do_tgs_req.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
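
The kind of mistake this commit message describes, checking the wrong value against NULL, shown as an added example that is not krb5 code and not taken from the commit. All names are hypothetical, and unlike the real KDC path, the inner search here can report success without an entry so that the difference between the two checks is visible.

```c
#include <stdio.h>
#include <string.h>

#define LOOKUP_OK      0
#define LOOKUP_NOENTRY 1   /* hypothetical stand-in for a "no entry" error */

struct entry { const char *name; };

/* Constructed sample database with one cross-realm entry. */
static struct entry table[] = { { "krbtgt/B.EXAMPLE@A.EXAMPLE" } };

/* Hypothetical inner search: reports success even when nothing matched,
 * leaving *out NULL, so the caller's final check has something to catch. */
static int search(const char *name, struct entry **out)
{
    *out = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (strcmp(table[i].name, name) == 0)
            *out = &table[i];
    }
    return LOOKUP_OK;
}

/* Erroneous check: tests the out-parameter itself. The caller always passes
 * a valid address, so the condition is never true. */
int find_entry_wrong(const char *name, struct entry **out)
{
    int ret = search(name, out);
    if (ret == LOOKUP_OK && out == NULL)
        ret = LOOKUP_NOENTRY;
    return ret;
}

/* Corrected check: tests the entry pointer stored through the out-parameter. */
int find_entry_fixed(const char *name, struct entry **out)
{
    int ret = search(name, out);
    if (ret == LOOKUP_OK && *out == NULL)
        ret = LOOKUP_NOENTRY;
    return ret;
}

int main(void)
{
    struct entry *e;
    printf("wrong: %d\n", find_entry_wrong("krbtgt/C.EXAMPLE@A.EXAMPLE", &e));
    printf("fixed: %d\n", find_entry_fixed("krbtgt/C.EXAMPLE@A.EXAMPLE", &e));
    return 0;
}
```

With the erroneous check, a caller that trusts the success code goes on to use a NULL entry pointer; with the corrected check it receives the error instead.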


