diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-27 19:29:34 +1200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-07-27 10:52:36 +0000 |
| commit | 4e2e767a78b5e94ecc8833ea6cd05f875c37dfed (patch) | |
| tree | a1a5dd2c3fc889ad66c3e91d9f3de4729a764032 /lib/krb5_wrap | |
| parent | f89e5eff5f5c910b06fab3d1a57fabd53b66f9f0 (diff) | |
| download | samba-4e2e767a78b5e94ecc8833ea6cd05f875c37dfed.tar.gz | |
CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
The error code passed in will be an offset from ERROR_TABLE_BASE_krb5,
so we need to subtract that before creating the error. Heimdal does this
internally, so it isn't needed there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib/krb5_wrap')
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 2b9dc97a1bc..2873c386410 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -237,7 +237,7 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, return code; } - errpkt.error = error_code; + errpkt.error = error_code - ERROR_TABLE_BASE_krb5; errpkt.text.length = 0; if (e_text != NULL) { |