[krbdev.mit.edu #8617] Bug in PKINIT
Ðавел ÐÑайнов via RT
rt-comment at krbdev.mit.edu
Tue Oct 24 18:45:39 EDT 2017
Hi,
In file \src\plugins\preauth\pkinit\pkinit_crypto_openssl.h I have found
constant:
#define DN_BUF_LEN 256
So, the size of DN is limited by 256 bytes. It is very small and can be
easily overflowed, especially if DN contains utf8-encoded CN/O/OU.
In this case PKINIT failed with error 'stack smashing detected'.
Please, consider to increase DN_BUF_LEN or use dynamic memory allocation
for DN buffer.
More information about the krb5-bugs
mailing list