[krbdev.mit.edu #9150] [Comment] libdb2 does not adequately validate hash metadata
Greg Hudson via RT
rt-comment at kerborg-prod-app-1.mit.edu
Mon Nov 4 18:32:23 EST 2024
http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9150
This is a comment. It is not sent to the Requestor(s):

This came in as a series of apparent static analysis reports. A second report
noted a second tainting issue in the same function. Everything used in the
bpages calculation at line 169 comes from the database file without
validation, which means the memset() at line 174 could exceed the bounds of
hashp->mapp for a variety of reasons.

This isn't a security issue because KDB metadata is trusted input, and this
isn't likely to manifest as a bug because the hash database type isn't used by
default (btree is). But since this code appears very lax about validating
metadata loaded from the DB file, there could be similar issues in the btree
code or elsewhere in the hash code.
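
The kind of validation the comment describes as missing, as an added example that is not part of the original message and is not libdb2's code: a simplified model that checks header fields read from a file before computing bpages and calling memset() on mapp. The struct layout, the field names other than bpages and mapp, the NCACHED capacity, the shift limits and the rounding formula are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NCACHED    32   /* assumed capacity of the bitmap pointer array */
#define BYTE_SHIFT 3    /* 8 bits per byte */

/* Hypothetical subset of header fields loaded from the database file. */
struct hash_hdr_model {
    uint32_t bsize;          /* bucket size in bytes */
    uint32_t bshift;         /* log2(bsize) */
    uint32_t ovfl_point;     /* index into spares[] */
    uint32_t spares[NCACHED];
};

struct hash_model {
    struct hash_hdr_model hdr;
    uint32_t *mapp[NCACHED]; /* in-memory bitmap page pointers */
    uint32_t nmaps;
};

/* Validate file-supplied header fields, then clear the bitmap slots.
 * Returns 0 on success, -1 if the metadata is inconsistent. */
int init_bitmaps_checked(struct hash_model *h)
{
    const struct hash_hdr_model *hdr = &h->hdr;
    uint64_t bits_per_page, bpages;

    /* bshift must be a sane shift count (assumed limits) and match bsize. */
    if (hdr->bshift < 6 || hdr->bshift > 16 ||
        hdr->bsize != (UINT32_C(1) << hdr->bshift))
        return -1;
    /* ovfl_point indexes spares[], so bound it before it is used. */
    if (hdr->ovfl_point >= NCACHED)
        return -1;

    /* 64-bit arithmetic so the round-up cannot wrap. */
    bits_per_page = (uint64_t)hdr->bsize << BYTE_SHIFT;
    bpages = ((uint64_t)hdr->spares[hdr->ovfl_point] + bits_per_page - 1)
             >> (hdr->bshift + BYTE_SHIFT);

    /* The memset below must stay inside mapp[]. */
    if (bpages > NCACHED)
        return -1;

    h->nmaps = (uint32_t)bpages;
    memset(h->mapp, 0, (size_t)bpages * sizeof(h->mapp[0]));
    return 0;
}
```
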