[krbdev.mit.edu #8726] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed Sep 26 15:20:52 EDT 2018
Fix null deref on some invalid PKINIT identities
pkinit_identity.c:parse_fs_options() could crash if the first
strtok_r() call returns NULL, which happens when the residual string
begins with ','. Fix this bug by checking for a leading comma and
checking the strtok_r() result, and add a test case. Reported by Bean
Zhang.
Also return EINVAL rather than 0 on invalid input, and don't leave an
allocated value in idopts->cert_filename if we fail to copy the key
filename.
https://github.com/krb5/krb5/commit/23cd8e41d335027ff2e2a586345a570f97a926d4
Author: Greg Hudson <ghudson at mit.edu>
Commit: 23cd8e41d335027ff2e2a586345a570f97a926d4
Branch: master
src/plugins/preauth/pkinit/pkinit_identity.c | 21 +++++++++++++++------
src/tests/t_pkinit.py | 5 +++++
2 files changed, 20 insertions(+), 6 deletions(-)
More information about the krb5-bugs
mailing list