From dab1c234e15afdc64dfe776bdbc65bbc17d07e12 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 18 May 2014 17:57:25 -0400 Subject: Fix invalid JSON handling in KDC OTP module If the OTP configuration for a principal contains invalid JSON, the KDC OTP module calls k5_json_get_tid on a null pointer, causing the KDC process to crash. Fix this bug by checking the return value of k5_json_decode in decode_config_json. ticket: 7912 (new) target_version: 1.12.2 tags: pullup --- src/plugins/preauth/otp/otp_state.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/plugins') diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c index 4643dff9a..7deb462d6 100644 --- a/src/plugins/preauth/otp/otp_state.c +++ b/src/plugins/preauth/otp/otp_state.c @@ -401,6 +401,8 @@ decode_config_json(const char *config, k5_json_array *out) /* Decode the config string and make sure it's an array. */ retval = k5_json_decode((config != NULL) ? config : "[{}]", &val); + if (retval != 0) + goto error; if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY) { retval = EINVAL; goto error; -- cgit