[krbdev.mit.edu #8620] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed Nov 22 13:11:09 EST 2017
Length check when parsing GSS token encapsulation
gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.
(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)
https://github.com/krb5/krb5/commit/b70ef60b1290ff6b6a028ac51ee761222e083720
Author: Greg Hudson <ghudson at mit.edu>
Commit: b70ef60b1290ff6b6a028ac51ee761222e083720
Branch: krb5-1.14
src/lib/gssapi/mechglue/g_glue.c | 20 +++++++++----
src/tests/gssapi/t_invalid.c | 57 ++++++++++++++++++++++++++++++++++---
2 files changed, 66 insertions(+), 11 deletions(-)
More information about the krb5-bugs
mailing list