diff options
author | Tom Yu <tlyu@mit.edu> | 2012-08-07 23:14:03 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2012-08-07 23:34:56 -0400 |
commit | 98d2c88615ebbaf2012d54a2e17aa3863ba4b7f6 (patch) | |
tree | f4e094e850dc6590574c53968911ad782d7d6ca2 /src/tests/t_cve-2012-1014.py | |
parent | 0474c489f8298b82e33ae96f542484ec2ae6bd27 (diff) | |
download | krb5-98d2c88615ebbaf2012d54a2e17aa3863ba4b7f6.tar.gz krb5-98d2c88615ebbaf2012d54a2e17aa3863ba4b7f6.tar.xz krb5-98d2c88615ebbaf2012d54a2e17aa3863ba4b7f6.zip |
Regression tests for CVE-2012-1014, CVE-2012-1015
ticket: 7231 (new)
target_version: 1.10.3
tags: pullup
Diffstat (limited to 'src/tests/t_cve-2012-1014.py')
-rw-r--r-- | src/tests/t_cve-2012-1014.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/tests/t_cve-2012-1014.py b/src/tests/t_cve-2012-1014.py new file mode 100644 index 000000000..e02162d6c --- /dev/null +++ b/src/tests/t_cve-2012-1014.py @@ -0,0 +1,31 @@ +#!/usr/bin/python + +import base64 +import socket +from k5test import * + +realm = K5Realm() + +# CVE-2012-1014 KDC dereferences uninitialized pointer + +# Affects only krb5-1.10.x. + +s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +a = (hostname, realm.portbase) + +x1 = base64.b16decode('6A5E305BA103020105A2030201') +x2 = base64.b16decode('A44F304DA007030500FEDCBA90A10E30' + + '0CA003020101A10530031B0141A2031B' + + '0141A30E300CA003020101A10530031B' + + '0141A511180F31393934303631303036' + + '303331375AA70302012AA80530030201' + + '01') + +for x in range(11, 128): + s.sendto(''.join([x1, chr(x), x2]), a) + +# Make sure kinit still works. + +realm.kinit(realm.user_princ, password('user')) + +success('CVE-2012-1014 regression test') |