| commit | 72f82d949a3ee0889f358a586484248f8386b744 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Tue, 26 Oct 2021 22:18:36 +0000 (27 11:18 +1300) | ||
| committer | Jule Anger <janger@samba.org> | |
| Tue, 9 Nov 2021 19:45:33 +0000 (9 19:45 +0000) | ||
| tree | 2b95d16db8e933728e416821ab10b2329d68a6f3 | treesnapshot (tar.gz zip) |
| parent | 8752b83bb98792579b7705d0ce1bd0fb9321043e | commitdiff |
CVE-2020-25719 tests/krb5: Add expected parameters to cache key for obtaining tickets
If multiple calls to get_tgt() or get_service_ticket() specify different
expected parameters, we want to perform the request again so that the
checking can be performed, rather than reusing a previously obtained
ticket and potentially skipping checks.
It should be fine to cache tickets with the same expected parameters, as
tickets that fail to be obtained will not be stored in the cache, so the
checking will happen for every call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If multiple calls to get_tgt() or get_service_ticket() specify different
expected parameters, we want to perform the request again so that the
checking can be performed, rather than reusing a previously obtained
ticket and potentially skipping checks.
It should be fine to cache tickets with the same expected parameters, as
tickets that fail to be obtained will not be stored in the cache, so the
checking will happen for every call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| python/samba/tests/krb5/kdc_base_test.py | diffblobblamehistory |