From 289555f989b42f2b8d13efe4904dc3515433d5e5 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 29 Dec 2009 02:42:51 +0000
Subject: MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals

On certain error conditions, prep_reprocess_req() calls kdc_err() with
a null pointer as the format string, causing a null dereference and
denial of service.  Legitimate protocol requests can trigger this
problem.

ticket: 6608
tags: pullup
target_version: 1.7.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23533 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kadm5/logger.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/lib')

diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index a3f433910..384e7a8bb 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -189,6 +189,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
     char        *cp;
     char        *syslogp;
 
+    if (whoami == NULL || format == NULL)
+        return;
+
     /* Make the header */
     snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
     /*
-- 
cgit