diff options
| author | Greg Hudson <ghudson@mit.edu> | 2014-05-18 17:57:25 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-05-19 10:17:48 -0400 |
| commit | dab1c234e15afdc64dfe776bdbc65bbc17d07e12 (patch) | |
| tree | 0511f528e998161f2fc0feaa1ed4ea6b4ee30e8e | |
| parent | cacdcf8ebe184326579fabef3ae3f86b16dade81 (diff) | |
| download | krb5-dab1c234e15afdc64dfe776bdbc65bbc17d07e12.tar.gz krb5-dab1c234e15afdc64dfe776bdbc65bbc17d07e12.tar.xz krb5-dab1c234e15afdc64dfe776bdbc65bbc17d07e12.zip | |
Fix invalid JSON handling in KDC OTP module
If the OTP configuration for a principal contains invalid JSON, the
KDC OTP module calls k5_json_get_tid on a null pointer, causing the
KDC process to crash. Fix this bug by checking the return value of
k5_json_decode in decode_config_json.
ticket: 7912 (new)
target_version: 1.12.2
tags: pullup
| -rw-r--r-- | src/plugins/preauth/otp/otp_state.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c index 4643dff9a..7deb462d6 100644 --- a/src/plugins/preauth/otp/otp_state.c +++ b/src/plugins/preauth/otp/otp_state.c @@ -401,6 +401,8 @@ decode_config_json(const char *config, k5_json_array *out) /* Decode the config string and make sure it's an array. */ retval = k5_json_decode((config != NULL) ? config : "[{}]", &val); + if (retval != 0) + goto error; if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY) { retval = EINVAL; goto error; |