CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free mem_ctx. This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the MIT KDC effort. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2018-10-23 17:33:46 +1300
committer: Karolin Seeger <kseeger@samba.org> 2018-11-28 08:22:23 +0100
commit: b6e9c4b8bbd63fbf29f576d98ee7ff1154a90565 (patch)
tree: c0c0e107e90164d83117cc74804bd3091bbff501 /source4
parent: 97b426babaa2a812946c77bd841a33c1a9399ab5 (diff)
download: samba-b6e9c4b8bbd63fbf29f576d98ee7ff1154a90565.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index acd24ec0c83..969f4f6b556 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2610,10 +2610,10 @@ samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
 	 * comparison */
 	if (!(orig_sid && target_sid && dom_sid_equal(orig_sid, target_sid))) {
 		talloc_free(mem_ctx);
-#ifdef KRB5_KDC_ERR_CLIENT_NAME_MISMATCH /* Heimdal */
-		return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
-#elif defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
+#if defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
 		return KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+#else /* Heimdal (where this is an enum) */
+		return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
 #endif
 	}
author	Andrew Bartlett <abartlet@samba.org>	2018-10-23 17:33:46 +1300
committer	Karolin Seeger <kseeger@samba.org>	2018-11-28 08:22:23 +0100
commit	b6e9c4b8bbd63fbf29f576d98ee7ff1154a90565 (patch)
tree	c0c0e107e90164d83117cc74804bd3091bbff501 /source4
parent	97b426babaa2a812946c77bd841a33c1a9399ab5 (diff)
download	samba-b6e9c4b8bbd63fbf29f576d98ee7ff1154a90565.tar.gz