diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-04-13 14:48:30 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-04-13 14:48:30 -0400 |
commit | d75debd9ecfbbfea388a00e88d64f4b802377e26 (patch) | |
tree | 2532a743aa3d4e29a448ef7a2f6e422a24ebca9f | |
parent | 3798eef47c7bf71076961d9cdedb52d4416c8382 (diff) | |
download | krb5-d75debd9ecfbbfea388a00e88d64f4b802377e26.tar.gz krb5-d75debd9ecfbbfea388a00e88d64f4b802377e26.tar.xz krb5-d75debd9ecfbbfea388a00e88d64f4b802377e26.zip |
http://web.mit.edu/kerberos/advisories/2011-004-patch-r18.txt
-rw-r--r-- | 2011-004-patch-r18.txt | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/2011-004-patch-r18.txt b/2011-004-patch-r18.txt new file mode 100644 index 0000000..43daa9b --- /dev/null +++ b/2011-004-patch-r18.txt @@ -0,0 +1,35 @@ +diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c +index c8ce4f1..bb911ff 100644 +--- a/src/kadmin/server/network.c ++++ b/src/kadmin/server/network.c +@@ -1384,6 +1384,10 @@ cleanup: + if (local_kaddrs != NULL) + krb5_free_addresses(server_handle->context, local_kaddrs); + ++ if ((*response)->data == NULL) { ++ free(*response); ++ *response = NULL; ++ } + krb5_kt_close(server_handle->context, kt); + + return ret; +diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c +index c1b2217..992b55f 100644 +--- a/src/kadmin/server/schpw.c ++++ b/src/kadmin/server/schpw.c +@@ -74,8 +74,13 @@ process_chpw_request(context, server_handle, realm, keytab, + plen = (*ptr++ & 0xff); + plen = (plen<<8) | (*ptr++ & 0xff); + +- if (plen != req->length) +- return(KRB5KRB_AP_ERR_MODIFIED); ++ if (plen != req->length) { ++ ret = KRB5KRB_AP_ERR_MODIFIED; ++ numresult = KRB5_KPASSWD_MALFORMED; ++ strlcpy(strresult, "Request length was inconsistent", ++ sizeof(strresult)); ++ goto chpwfail; ++ } + + /* verify version number */ + |