[krbdev.mit.edu #9150] Tainted array index at plugins/kdb/db2/libdb2/hash/hash.c:__kdb2_hash_open
Val VF via RT
rt-comment at kerborg-prod-app-1.mit.edu
Mon Nov 4 18:06:31 EST 2024
Mon Nov 04 18:06:31 2024: Request 9150 was acted upon.
Transaction: Ticket created by federicovalenso at gmail.com
Queue: krb5
Subject: Tainted array index at plugins/kdb/db2/libdb2/hash/hash.c:__kdb2_hash_open
Owner: Nobody
Requestors: federicovalenso at gmail.com
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9150 >
Good day!
Variable *hashp->hdr.ovfl_point *was read from file*, *we should make sure
this value is within bounds, because it's used as an array index
<https://github.com/krb5/krb5/blob/ff4d99b1e4f7b652fc98330c21d1c92e01f14736/src/plugins/kdb/db2/libdb2/hash/hash.c#L169C31-L169C52>
.
With respect,
Valery Fedorenko
More information about the krb5-bugs
mailing list