[krbdev.mit.edu #8068] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed Feb 4 17:31:50 EST 2015
Fix kadm5/gssrpc XDR double free [CVE-2014-9421]
[MITKRB5-SA-2015-001] In auth_gssapi_unwrap_data(), do not free
partial deserialization results upon failure to deserialize. This
responsibility belongs to the callers, svctcp_getargs() and
svcudp_getargs(); doing it in the unwrap function results in freeing
the results twice.
In xdr_krb5_tl_data() and xdr_krb5_principal(), null out the pointers
we are freeing, as other XDR functions such as xdr_bytes() and
xdr_string().
(cherry picked from commit a197e92349a4aa2141b5dff12e9dd44c2a2166e3)
https://github.com/krb5/krb5/commit/771228aafa71f472578931b798c9e159a79d196e
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 771228aafa71f472578931b798c9e159a79d196e
Branch: krb5-1.12
src/lib/kadm5/kadm_rpc_xdr.c | 2 ++
src/lib/rpc/auth_gssapi_misc.c | 1 -
2 files changed, 2 insertions(+), 1 deletions(-)
More information about the krb5-bugs
mailing list