83e7befa84
- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942) OBS-URL: https://build.opensuse.org/request/show/378678 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=162
12 lines
690 B
Diff
12 lines
690 B
Diff
diff -rupN krb5-1.14/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c krb5-1.14-patched/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
|
|
--- krb5-1.14/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-03-23 14:00:44.669126353 +0100
|
|
+++ krb5-1.14-patched/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-03-23 14:01:45.993680720 +0100
|
|
@@ -267,6 +267,7 @@ process_db_args(krb5_context context, ch
|
|
if (db_args) {
|
|
for (i=0; db_args[i]; ++i) {
|
|
arg = strtok_r(db_args[i], "=", &arg_val);
|
|
+ arg = (arg != NULL) ? arg : "";
|
|
if (strcmp(arg, TKTPOLICY_ARG) == 0) {
|
|
dptr = &xargs->tktpolicydn;
|
|
} else {
|