diff options
author | Andrew Bartlett <abartlet@samba.org> | 2022-11-01 14:47:12 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:29 +0000 |
commit | 538315a2aa6d03b7639b49eb1576efa8755fefec (patch) | |
tree | c3cfb4f64c590550dd61520f4c999be3d8a80b5d /third_party | |
parent | 177334c04230d0ad74bfc2b6825ffbebd5afb9af (diff) | |
download | samba-538315a2aa6d03b7639b49eb1576efa8755fefec.tar.gz |
CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key
We need to select server, not client, to compare client etypes against.
(It is not useful to compare the client-supplied encryption types with
the client's own long-term keys.)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/heimdal/kdc/kerberos5.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c index 0a7934310cc..3e0f2dbd6b6 100644 --- a/third_party/heimdal/kdc/kerberos5.c +++ b/third_party/heimdal/kdc/kerberos5.c @@ -2212,7 +2212,7 @@ _kdc_as_rep(astgs_request_t r) * intersection of the client's requested enctypes and the server's (like a * root krbtgt, but not necessarily) etypes from its HDB entry. */ - ret = _kdc_find_etype(r, (is_tgs ? KFE_IS_TGS:0) | KFE_USE_CLIENT, + ret = _kdc_find_etype(r, (is_tgs ? KFE_IS_TGS:0), b->etype.val, b->etype.len, &r->sessionetype, NULL, NULL); if (ret) { |