[krbdev.mit.edu #8666] KDC null dereference when TGS reply is too big for UDP

Greg Hudson via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Thu Apr 19 14:35:30 EDT 2018


Using a test case, I verified that prior to 
0a2f14f752c32a24200363cc6b6ae64a92f81379, the KDC successfully responds 
to a TGS request with a too-big error if the reply length exceeds 
max_dgram_reply_size, and after that commit the KDC seg faults with a 
null dereference.

