authorTom Yu <tlyu@mit.edu>2010-05-19 18:09:37 +0000
committerTom Yu <tlyu@mit.edu>2010-05-19 18:09:37 +0000
commit3d19e28dc97bb871cef0793e2cf4cf2a70aca239 (patch)
treeeeaa274c514cd94181fa81e821d175683f15cc54
parent89621595e15af56f8e4fcf7b635c2cedd0e4043a (diff)
CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it. ticket: 6725 tags: pullup target_version: 1.8.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24056 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 2d70646907..e3ec8224b4 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -640,6 +640,13 @@ kg_accept_krb5(minor_status, context_handle,
}
#endif
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
/* Samba does not send 0x8003 GSS-API checksums */
krb5_boolean valid;
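Review bot: The comment on the new guard explains the error code that was chosen but not why `authdat->checksum` can be NULL in the first place. The cksum field of the Authenticator is OPTIONAL in RFC 4120, so its absence is decided by the peer, and recording that keeps the check from later being removed as dead code. I would word it as `/* cksum is OPTIONAL in the Authenticator (RFC 4120), so a peer may omit it; treat that as an inappropriate checksum type */`. kg_accept_krb5 starts and ends outside this hunk, so it cannot be confirmed from here that every other use of `authdat->checksum` sits after this guard; that is worth checking. A regression test that hands the acceptor an AP-REQ whose authenticator carries no checksum would pin the GSS_S_FAILURE result.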