freeipa.git - FreeIPA patches

diff options

author	Thierry Bordaz <tbordaz@redhat.com>	2016-07-18 15:00:02 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-07-19 13:17:37 +0200
commit	b04f617803c430b13f8796e911f78bd65f6cf55f (patch)
tree	78ae53b44c338f6a72650606b87ef909870028da /ipapython/errors.py
parent	72b2c8a54de09d6e5c1cc82c951d5bfd06938e88 (diff)
download	freeipa-b04f617803c430b13f8796e911f78bd65f6cf55f.tar.gz freeipa-b04f617803c430b13f8796e911f78bd65f6cf55f.tar.xz freeipa-b04f617803c430b13f8796e911f78bd65f6cf55f.zip

Heap corruption in ipapwd plugin

ipapwd_encrypt_encode_key allocates 'kset' on the heap but with num_keys and keys not being initialized. Then ipa_krb5_generate_key_data initializes them with the generated keys. If ipa_krb5_generate_key_data fails (here EINVAL meaning no principal->realm.data), num_keys and keys are left uninitialized. Upon failure, ipapwd_keyset_free is called to free 'kset' that contains random num_keys and keys. allocates kset with calloc so that kset->num_keys==0 and kset->keys==NULL https://fedorahosted.org/freeipa/ticket/6030 Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>

Diffstat (limited to 'ipapython/errors.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: