diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-06-16 15:32:49 +1200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-07-27 10:52:36 +0000 |
| commit | 2872ccc931c9b601807f91cadc614dcf7c174c8f (patch) | |
| tree | 474a371702ce2bf6f22aee62fe2325874af14290 /third_party | |
| parent | 9881491023eb1ece27bd7a24ed41902bb15dbff2 (diff) | |
| download | samba-2872ccc931c9b601807f91cadc614dcf7c174c8f.tar.gz | |
CVE-2022-2031 third_party/heimdal: Check generate_pac() return code
If the function fails, we should not issue a ticket missing the PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Diffstat (limited to 'third_party')
| -rw-r--r-- | third_party/heimdal/kdc/kerberos5.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c index e95bdad0a64..0a7934310cc 100644 --- a/third_party/heimdal/kdc/kerberos5.c +++ b/third_party/heimdal/kdc/kerberos5.c @@ -2668,7 +2668,9 @@ _kdc_as_rep(astgs_request_t r) /* Add the PAC */ if (!r->et.flags.anonymous) { - generate_pac(r, skey, krbtgt_key, is_tgs); + ret = generate_pac(r, skey, krbtgt_key, is_tgs); + if (ret) + goto out; } if (r->client->flags.synthetic) { |