KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]

[CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name handling that could cause the KDC to hang or crash. [CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9. ticket: 6860 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24622 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2011-02-09 20:25:08 +0000
committer: Tom Yu <tlyu@mit.edu> 2011-02-09 20:25:08 +0000
commit: 16516c83aca3f78674d103bdae59fde3910ac65c (patch)
tree: 57ca20dda2d9d77f9de28bdf36a31ed4cb4af741 /src/kdc/dispatch.c
parent: a2231ea83d401ec8811c69f7133656caaa1d9667 (diff)
download: krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.gz
krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.xz
krb5-16516c83aca3f78674d103bdae59fde3910ac65c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 63ff3b38d8..b4a90bb30c 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -115,7 +115,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
         kdc_insert_lookaside(pkt, *response);
 #endif
 
-    if (is_tcp == 0 && (*response)->length > max_dgram_reply_size) {
+    if (is_tcp == 0 && *response != NULL &&
+        (*response)->length > max_dgram_reply_size) {
     too_big_for_udp:
         krb5_free_data(kdc_context, *response);
         retval = make_too_big_error(response);
author	Tom Yu <tlyu@mit.edu>	2011-02-09 20:25:08 +0000
committer	Tom Yu <tlyu@mit.edu>	2011-02-09 20:25:08 +0000
commit	16516c83aca3f78674d103bdae59fde3910ac65c (patch)
tree	57ca20dda2d9d77f9de28bdf36a31ed4cb4af741 /src/kdc/dispatch.c
parent	a2231ea83d401ec8811c69f7133656caaa1d9667 (diff)
download	krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.gz krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.xz krb5-16516c83aca3f78674d103bdae59fde3910ac65c.zip