[krbdev.mit.edu #9209] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sat May 16 18:37:04 EDT 2026
Sat May 16 18:37:04 2026: Request 9209 was acted upon.
Transaction: Ticket created by ghudson at mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson at mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9209 >
Validate lengths when deserializing
When unmarshalling data structures using the krb5_ser_ functions,
bound-check lengths (including array counts) against the remaining
number of bytes to prevent large allocations, integer overflows, and a
potential read overrun in mspac_internalize(). Add an internal helper
function k5_ser_unpack_len() for this purpose.
[ghudson at mit.edu: added helper; added bounds checks for additional
lengths; rewrote commit message]
https://github.com/krb5/krb5/commit/63ae6a8d99ce89258d732f7561233f60df533fa9
Author: TristanInSec <tristan.mtn at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 63ae6a8d99ce89258d732f7561233f60df533fa9
Branch: master
src/include/k5-int.h | 3 +++
src/lib/gssapi/krb5/ser_sctx.c | 6 ++++++
src/lib/krb5/krb/authdata.c | 5 ++---
src/lib/krb5/krb/pac.c | 13 ++++++-------
src/lib/krb5/krb/ser_actx.c | 5 ++---
src/lib/krb5/krb/ser_adata.c | 13 ++++++-------
src/lib/krb5/krb/ser_addr.c | 12 ++++++------
src/lib/krb5/krb/ser_auth.c | 15 +++++----------
src/lib/krb5/krb/ser_cksum.c | 14 ++++++--------
src/lib/krb5/krb/ser_ctx.c | 18 +++++++++---------
src/lib/krb5/krb/ser_key.c | 11 +++++------
src/lib/krb5/krb/ser_princ.c | 11 +++++------
src/lib/krb5/krb/serialize.c | 18 ++++++++++++++++++
src/lib/krb5/libkrb5.exports | 1 +
src/plugins/authdata/greet_client/greet.c | 2 ++
15 files changed, 82 insertions(+), 65 deletions(-)
More information about the krb5-bugs
mailing list