03254981cb
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
28 lines
1.0 KiB
Diff
28 lines
1.0 KiB
Diff
Reference docs don't define what happens if you call krb5_realm_compare() with
|
|
malformed krb5_principal structures. Define a behavior which keeps it from
|
|
crashing if applications don't check ahead of time.
|
|
|
|
--- krb5/src/lib/krb5/krb/princ_comp.c
|
|
+++ krb5/src/lib/krb5/krb/princ_comp.c
|
|
@@ -41,6 +41,10 @@ realm_compare_flags(krb5_context context
|
|
const krb5_data *realm1 = &princ1->realm;
|
|
const krb5_data *realm2 = &princ2->realm;
|
|
|
|
+ if (princ1 == NULL || princ2 == NULL)
|
|
+ return FALSE;
|
|
+ if (realm1 == NULL || realm2 == NULL)
|
|
+ return FALSE;
|
|
if (realm1->length != realm2->length)
|
|
return FALSE;
|
|
if (realm1->length == 0)
|
|
@@ -92,6 +98,9 @@ krb5_principal_compare_flags(krb5_contex
|
|
krb5_principal upn2 = NULL;
|
|
krb5_boolean ret = FALSE;
|
|
|
|
+ if (princ1 == NULL || princ2 == NULL)
|
|
+ return FALSE;
|
|
+
|
|
if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
|
|
/* Treat UPNs as if they were real principals */
|
|
if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
|