summaryrefslogtreecommitdiff
path: root/staging/krb5/CVE-2011-0285.patch
diff options
context:
space:
mode:
Diffstat (limited to 'staging/krb5/CVE-2011-0285.patch')
-rw-r--r--staging/krb5/CVE-2011-0285.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/staging/krb5/CVE-2011-0285.patch b/staging/krb5/CVE-2011-0285.patch
new file mode 100644
index 000000000..61039113f
--- /dev/null
+++ b/staging/krb5/CVE-2011-0285.patch
@@ -0,0 +1,39 @@
+diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
+index 1124445..0056885 100644
+--- a/src/kadmin/server/schpw.c
++++ b/src/kadmin/server/schpw.c
+@@ -52,6 +52,7 @@ process_chpw_request(context, server_handle, realm, keytab,
+
+ ret = 0;
+ rep->length = 0;
++ rep->data = NULL;
+
+ auth_context = NULL;
+ changepw = NULL;
+@@ -76,8 +77,13 @@ process_chpw_request(context, server_handle, realm, keytab,
+ plen = (*ptr++ & 0xff);
+ plen = (plen<<8) | (*ptr++ & 0xff);
+
+- if (plen != req->length)
+- return(KRB5KRB_AP_ERR_MODIFIED);
++ if (plen != req->length) {
++ ret = KRB5KRB_AP_ERR_MODIFIED;
++ numresult = KRB5_KPASSWD_MALFORMED;
++ strlcpy(strresult, "Request length was inconsistent",
++ sizeof(strresult));
++ goto chpwfail;
++ }
+
+ /* verify version number */
+
+@@ -531,6 +537,10 @@ cleanup:
+ if (local_kaddrs != NULL)
+ krb5_free_addresses(server_handle->context, local_kaddrs);
+
++ if ((*response)->data == NULL) {
++ free(*response);
++ *response = NULL;
++ }
+ krb5_kt_close(server_handle->context, kt);
+
+ return ret;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-10 02:12:32 +0000