[krbdev.mit.edu #7912] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon May 19 10:18:45 EDT 2014
Fix invalid JSON handling in KDC OTP module
If the OTP configuration for a principal contains invalid JSON, the
KDC OTP module calls k5_json_get_tid on a null pointer, causing the
KDC process to crash. Fix this bug by checking the return value of
k5_json_decode in decode_config_json.
https://github.com/krb5/krb5/commit/dab1c234e15afdc64dfe776bdbc65bbc17d07e12
Author: Greg Hudson <ghudson at mit.edu>
Commit: dab1c234e15afdc64dfe776bdbc65bbc17d07e12
Branch: master
src/plugins/preauth/otp/otp_state.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list