[krbdev.mit.edu #8415] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu May 26 12:19:29 EDT 2016
Check princ length in krb5_sname_match()
krb5_sname_match() can read past the end of princ's component array in
some circumstances (typically when a keytab contains both "x" and
"x/y" principals). Add a length check. Reported by Spencer Jackson.
https://github.com/krb5/krb5/commit/fb9fcfa92fd37221c77e1a4c0b930383e6839e22
Author: Greg Hudson <ghudson at mit.edu>
Commit: fb9fcfa92fd37221c77e1a4c0b930383e6839e22
Branch: master
src/lib/krb5/krb/sname_match.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list