| commit | 09e54a7b1d18f2fdb3ebe47dadcea12c52bd8810 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Wed, 25 May 2022 08:00:55 +0000 (25 20:00 +1200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Wed, 27 Jul 2022 10:52:36 +0000 (27 10:52 +0000) | ||
| tree | 59d685d6c8939443a5943210477ccdc32d04e5f7 | treesnapshot (tar.gz zip) |
| parent | be239c716874aadea7591fbe06652c449a350c3a | commitdiff |
CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
We would only compare the first 'n' characters, where 'n' is the length
of the principal component string, so 'k@REALM' would erroneously be
considered equal to 'krbtgt@REALM'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
We would only compare the first 'n' characters, where 'n' is the length
of the principal component string, so 'k@REALM' would erroneously be
considered equal to 'krbtgt@REALM'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
| selftest/knownfail_heimdal_kdc | diffblobblamehistory | |
| selftest/knownfail_mit_kdc | diffblobblamehistory | |
| source4/kdc/db-glue.c | diffblobblamehistory |