diff options
author | Tom Yu <tlyu@mit.edu> | 2009-12-29 02:42:51 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2009-12-29 02:42:51 +0000 |
commit | 289555f989b42f2b8d13efe4904dc3515433d5e5 (patch) | |
tree | 10058cd9b1cbc5ad04a7198b5b9a050e2c4c1017 /src/kdc/do_tgs_req.c | |
parent | 2656433242405bba721ff2dd46047a38669a3fd3 (diff) | |
download | krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.gz krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.tar.xz krb5-289555f989b42f2b8d13efe4904dc3515433d5e5.zip |
MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals
On certain error conditions, prep_reprocess_req() calls kdc_err() with
a null pointer as the format string, causing a null dereference and
denial of service. Legitimate protocol requests can trigger this
problem.
ticket: 6608
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23533 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/do_tgs_req.c')
-rw-r--r-- | src/kdc/do_tgs_req.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 4a778f4120..26fde1e0c9 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -1251,7 +1251,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ) free(temp_buf); if (retval) { /* no match found */ - kdc_err(kdc_context, retval, 0); + kdc_err(kdc_context, retval, "unable to find realm of host"); goto cleanup; } if (realms == 0) { |