CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
author: Isaac Boukris <iboukris@gmail.com> 2019-01-30 23:49:07 +0200
committer: Karolin Seeger <kseeger@samba.org> 2019-05-14 11:45:13 +0000
commit: 43958af1d50f0185e21e6cd74110c455ee8996af (patch)
tree: a534febd6d0b41a770e365d89cce45be07905f0e /source4
parent: 5639e973c1f6f1b28b122741763f1d05b47bc2d8 (diff)
download: samba-43958af1d50f0185e21e6cd74110c455ee8996af.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a888788bb6f..ff7d93138c0 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1925,6 +1925,13 @@ server_lookup:
 		goto out;
 	    }
 
+	    if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+		free_PA_S4U2Self(&self);
+		kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+		ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+		goto out;
+	    }
+
 	    ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
 	    if (ret)
 		goto out;
author	Isaac Boukris <iboukris@gmail.com>	2019-01-30 23:49:07 +0200
committer	Karolin Seeger <kseeger@samba.org>	2019-05-14 11:45:13 +0000
commit	43958af1d50f0185e21e6cd74110c455ee8996af (patch)
tree	a534febd6d0b41a770e365d89cce45be07905f0e /source4
parent	5639e973c1f6f1b28b122741763f1d05b47bc2d8 (diff)
download	samba-43958af1d50f0185e21e6cd74110c455ee8996af.tar.gz