diff options
author | Tom Yu <tlyu@mit.edu> | 2011-02-09 20:25:08 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2011-02-09 20:25:08 +0000 |
commit | 16516c83aca3f78674d103bdae59fde3910ac65c (patch) | |
tree | 57ca20dda2d9d77f9de28bdf36a31ed4cb4af741 /src/kdc/dispatch.c | |
parent | a2231ea83d401ec8811c69f7133656caaa1d9667 (diff) | |
download | krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.gz krb5-16516c83aca3f78674d103bdae59fde3910ac65c.tar.xz krb5-16516c83aca3f78674d103bdae59fde3910ac65c.zip |
KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
[CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
handling that could cause the KDC to hang or crash.
[CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.
ticket: 6860
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24622 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/dispatch.c')
-rw-r--r-- | src/kdc/dispatch.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 63ff3b38d8..b4a90bb30c 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -115,7 +115,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, kdc_insert_lookaside(pkt, *response); #endif - if (is_tcp == 0 && (*response)->length > max_dgram_reply_size) { + if (is_tcp == 0 && *response != NULL && + (*response)->length > max_dgram_reply_size) { too_big_for_udp: krb5_free_data(kdc_context, *response); retval = make_too_big_error(response); |