[krbdev.mit.edu #9193] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Sun Jan 25 03:12:46 EST 2026


Sun Jan 25 03:12:46 2026: Request 9193 was acted upon.
 Transaction: Ticket created by ghudson at mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson at mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9193 >



Fix uninitialized pointer dereference in libkrad

Commit 871125fea8ce0370a972bf65f7d1de63f619b06c changed
krad_packet_decode_request() to use a local variable "req" to hold the
decoded packet until it is verified, instead of immediately storing
into the caller's *reqpkt.  The code to check for duplicate packets
erroneously continues to use *reqpkt, causing a read dereference of
whatever was in *reqpkt on entry to the function (typically null or an
uninitialized value).  Fix the code to use req instead of *reqpkt.

This bug does not affect the KDC (which only uses libkrad as a
client), but can crash external software using libkrad as a server if
it ever processes more than one packet at a time.

[ghudson at mit.edu: edited commit message]

https://github.com/krb5/krb5/commit/f74a1b3fcde44cfa0d487973fd47a943cda49dc8
Author: Julien Rische <jrische at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: f74a1b3fcde44cfa0d487973fd47a943cda49dc8
Branch: master
 src/lib/krad/packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
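
Added example (not from the krb5 source or from this commit): a reduced C model of the defect class the commit message describes, where a decoder holds the packet in a local until it is verified but the duplicate check reads the caller's output slot instead. All names here (struct pkt, pending, is_duplicate, decode_request, the buggy flag) are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical reduced model of the pattern; none of these names are libkrad's. */
struct pkt { unsigned char id; };

#define MAX_PENDING 8
static struct pkt *pending[MAX_PENDING];   /* requests still being processed */
static size_t npending;

static int is_duplicate(const struct pkt *p)
{
    for (size_t i = 0; i < npending; i++) {
        if (pending[i]->id == p->id)
            return 1;
    }
    return 0;
}

/* Decode one request.  On success, store it in *out and track it as pending.
 * On failure, return nonzero and leave *out untouched.  buggy=1 reproduces
 * the defect class: the duplicate check reads the caller's slot, not req. */
int decode_request(const unsigned char *buf, size_t len, struct pkt **out,
                   int buggy)
{
    struct pkt *req;

    if (len < 1 || npending == MAX_PENDING)
        return -1;
    req = malloc(sizeof(*req));
    if (req == NULL)
        return -1;
    req->id = buf[0];

    /* Buggy: *out is whatever the caller had there on entry (null or
     * uninitialized in the case the commit describes; callers of this model
     * must pass a valid pointer when buggy=1).
     * Fixed: check the packet that was just decoded. */
    if (is_duplicate(buggy ? *out : req)) {
        free(req);
        return -2;
    }

    pending[npending++] = req;
    *out = req;
    return 0;
}
```

With buggy=1 and a caller slot that happens to point at valid memory, the model does not crash but silently accepts a duplicate, because the check never looks at the new packet.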


