diff options
author | Michael Saxl <mike@mwsys.mine.bz> | 2017-06-24 13:41:48 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-07-03 11:07:16 +0200 |
commit | a971f23c05e849d4930ce470b12c8f5ea3172390 (patch) | |
tree | e1902bf30529b1e72b2097b5f75b2c8a3972552d | |
parent | eb587fb5a611876de0e01e187bb41c4375cde6cd (diff) | |
download | samba-a971f23c05e849d4930ce470b12c8f5ea3172390.tar.gz |
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a9780a2eaa9cba4ab87cc3371d97fa494fa0198c)
-rw-r--r-- | source3/librpc/crypto/gse_krb5.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 703d1b4c925..4dd39eaf08d 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -437,6 +437,14 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx, if (ret) { DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n", error_message(ret))); + /* + * krb5_kt_start_seq_get() may leaves bogus data + * in kt_cursor. And we want to use the all_zero() + * logic below. + * + * See bug #10490 + */ + ZERO_STRUCT(kt_cursor); goto out; } |