author | Tom Yu <tlyu@mit.edu> | 2010-04-20 21:12:10 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2010-04-20 21:12:10 +0000 |
commit | 04392a812b84527dcf7d4cebfa91ab9c69d7cc40 (patch) | |
tree | 37ee2645f224b5061d5927d4d6d4b46ed025c012 /src/tests/dejagnu | |
parent | bc2db93977370ba1935f2a3ca0cb2184b8c27a3a (diff) | |
Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggered
by ticket renewal. Add a test case.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
Thanks to Joel Johnson and Brian Almeida for the reports.
ticket: 6702
target_version: 1.8.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23912 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests/dejagnu')
-rw-r--r-- | src/tests/dejagnu/config/default.exp | 35 | ||||
-rw-r--r-- | src/tests/dejagnu/krb-standalone/standalone.exp | 4 |
2 files changed, 39 insertions, 0 deletions
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index 382c17409e..1638a5a0d4 100644
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -2107,6 +2107,41 @@ proc kinit { name pass standalone } {
 return 1
 }
+
+proc kinit_renew { name pass standalone } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ spawn $KINIT -5 -f $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit"
+ return 0
+ }
+ eof {
+ fail "kinit"
+ return 0
+ }
+ }
+ send "$pass\r"
+ expect eof
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ spawn $KINIT -R
+ expect eof
+ if ![check_exit_status "kinit_renew"] {
+ return 0
+ }
+
+ return 1
+}
+
 # Retrieve a ticket using FAST armor
 proc kinit_fast { name pass standalone } {
 global REALMNAME
diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp
index c511798b44..dbaf95dbd7 100644
--- a/src/tests/dejagnu/krb-standalone/standalone.exp
+++ b/src/tests/dejagnu/krb-standalone/standalone.exp
@@ -201,6 +201,10 @@ proc doit { } {
 return
 }
+ if ![kinit_renew krbtest/admin adminpass$KEY 1] {
+ return
+ }
+
 # Make sure that klist can see the ticket.
 if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] {
 return |
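Review bot: Nothing in `kinit_renew` (default.exp) says that it is the regression test for the KDC double-free named in the commit message, and its first stage reports under the name of the existing `kinit` proc (`fail "kinit"` in both the timeout and eof arms, `check_exit_status kinit`), so a failure of the initial request here cannot be told apart from a plain kinit failure in the test summary. I would add a header comment such as `# Regression test for the KDC double-free on ticket renewal (ticket 6702): get a TGT, then renew it with kinit -R.` and use a distinct label, e.g. `fail "kinit_renew (initial)"`. The initial request passes only `-5 -f`, so `kinit -R` presumably depends on the test realm issuing renewable tickets by default; if that is not guaranteed, an explicit `-r` lifetime or a comment naming the dependency would keep the test from failing for an unrelated reason. The check is also indirect: only the client's exit status is examined, so a double-free that corrupts the heap without taking the KDC down would still pass.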
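Review bot: The new `kinit_renew` call in `doit` (standalone.exp) carries no comment, unlike the `do_klist` step right after it, so it is not apparent that this is where the ticket-renewal regression is exercised; I would add `# Renew the TGT; regression check for the KDC double-free on renewal (ticket 6702).` above the `if`. Because `kinit_renew` obtains a fresh TGT itself before renewing, the `do_klist` check that follows now inspects the cache left by the renewal rather than by whatever step precedes this block, which is presumably intended but worth stating. `doit` starts and ends outside the hunk.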