git: 3deefb0d147d - main - heimdal: Properly ix bus fault when zero-length request received
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 09 Dec 2022 14:11:07 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=3deefb0d147d71047a13ec2328b1b721da2ce256
commit 3deefb0d147d71047a13ec2328b1b721da2ce256
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-12-08 23:22:43 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-09 14:09:54 +0000
heimdal: Properly ix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
This properly fixes PR/268062 without regressions.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 days
---
crypto/heimdal/kadmin/server.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
index 19dfd89d521a..5e01277fe45b 100644
--- a/crypto/heimdal/kadmin/server.c
+++ b/crypto/heimdal/kadmin/server.c
@@ -473,6 +473,8 @@ v5_loop (krb5_context contextp,
ret = krb5_read_priv_message(contextp, ac, &fd, &in);
if(ret == HEIM_ERR_EOF)
exit(0);
+ if (in.length == 0)
+ ret = HEIM_ERR_OPNOTSUPP;
if(ret)
krb5_err(contextp, 1, ret, "krb5_read_priv_message");
doing_useful_work = 1;