Diffstat (limited to 'krb5-kadmind-null-password.patch')
-rw-r--r-- | krb5-kadmind-null-password.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/krb5-kadmind-null-password.patch b/krb5-kadmind-null-password.patch
deleted file mode 100644
index b64f43f..0000000
--- a/krb5-kadmind-null-password.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-commit c5be6209311d4a8f10fda37d0d3f876c1b33b77b
-Author: Richard Basch <basch@alum.mit.edu>
-Date: Tue May 29 14:07:03 2012 -0400
-
- Null pointer deref in kadmind [CVE-2012-1013]
-
- The fix for #6626 could cause kadmind to dereference a null pointer if
- a create-principal request contains no password but does contain the
- KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix
- name"). Only clients authorized to create principals can trigger the
- bug. Fix the bug by testing for a null password in check_1_6_dummy.
-
- CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C
-
- [ghudson@mit.edu: Minor style change and commit message]
-
- ticket: 7152
- target_version: 1.10.2
- tags: pullup
-
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index a0b110d..f5ea005 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -186,7 +186,7 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask,
- char *password = *passptr;
-
- /* Old-style randkey operations disallowed tickets to start. */
-- if (!(mask & KADM5_ATTRIBUTES) ||
-+ if (password == NULL || !(mask & KADM5_ATTRIBUTES) ||
- !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
- return;
- |