CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR

If we attempt to return an error code outside of Heimdal's allowed range [KRB5KDC_ERR_NONE, KRB5_ERR_RCSID), it will be replaced with a GENERIC error, and the error text will be set to the meaningless result of krb5_get_error_message(). Avoid this by ensuring the error code is in the correct range. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2022-05-18 16:49:43 +1200
committer: Jule Anger <janger@samba.org> 2022-07-24 11:55:51 +0200
commit: 481a70c37464d356f60a30c5f51ffae755c4e6f0 (patch)
tree: 0649270699ece0077d65145c0edf5fe2cf5309d3 /source4
parent: 38c83abffd325ee23649c190b8ffb3d27a2bdb68 (diff)
download: samba-481a70c37464d356f60a30c5f51ffae755c4e6f0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c
index 22e1295c11e..379ddebf3ad 100644
--- a/source4/kdc/kpasswd-service.c
+++ b/source4/kdc/kpasswd-service.c
@@ -315,7 +315,7 @@ reply:
 		}
 
 		code = smb_krb5_mk_error(kdc->smb_krb5_context->krb5_context,
-					 error_code,
+					 KRB5KDC_ERR_NONE + error_code,
 					 NULL, /* e_text */
 					 &k_dec_data,
 					 NULL, /* client */
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2022-05-18 16:49:43 +1200
committer	Jule Anger <janger@samba.org>	2022-07-24 11:55:51 +0200
commit	481a70c37464d356f60a30c5f51ffae755c4e6f0 (patch)
tree	0649270699ece0077d65145c0edf5fe2cf5309d3 /source4
parent	38c83abffd325ee23649c190b8ffb3d27a2bdb68 (diff)
download	samba-481a70c37464d356f60a30c5f51ffae755c4e6f0.tar.gz