authorGary Lockyer <gary@catalyst.net.nz>2020-04-03 12:18:03 +1300
committerKarolin Seeger <kseeger@samba.org>2020-04-21 10:21:09 +0200
commit2aa1d7a8e42b8cdd7f7c26c3fe7b73fdcb94b31b (patch)
treef10a729238b1082e725de2c471c747eb569a805e /source4/auth
parent100821b43c4b1450832e1143952377becdf0e4d8 (diff)
downloadsamba-2aa1d7a8e42b8cdd7f7c26c3fe7b73fdcb94b31b.tar.gz
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec_krb5.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 0323da87d29..b735063656a 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -444,7 +444,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
struct asn1_data *data;
DATA_BLOB ret = data_blob_null;
- data = asn1_init(mem_ctx);
+ data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data || !ticket->data) {
return ret;
}
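Review bot: Both `asn1_init` call sites now pass the shared `ASN1_MAX_TREE_DEPTH` without a comment, although the two uses differ. `gensec_gssapi_gen_krb5_wrap` in this hunk encodes a token built locally, while `gensec_gssapi_parse_krb5_wrap` in the second hunk decodes a blob that presumably comes from the peer, which is where the limit named in the commit description matters. A one-line comment above the parse call would record that, for example `/* blob is untrusted input: bound ASN.1 nesting depth (CVE-2020-10704) */`. The value of `ASN1_MAX_TREE_DEPTH` is defined outside this diff, and the wrap token appears to need only a few nesting levels, so it is worth confirming the shared constant is not much looser than this format requires. Both function bodies continue outside the hunks.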
@@ -478,7 +478,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
{
bool ret = false;
- struct asn1_data *data = asn1_init(mem_ctx);
+ struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
int data_remaining;
if (!data) {