| commit | a8ef840d4362d3ffeab13c1d5fea417511b727c2 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Fri, 14 Oct 2022 03:45:37 +0000 (14 16:45 +1300) | ||
| committer | Jule Anger <janger@samba.org> | |
| Tue, 15 Nov 2022 14:41:08 +0000 (15 15:41 +0100) | ||
| tree | 0ef300106416517f4eb145a2010ee2de5e654e2c | treesnapshot (tar.gz zip) |
| parent | b403ae70a059f8ec053443675801efec946b8b5b | commitdiff |
CVE-2022-42898 third_party/heimdal: PAC parse integer overflows
Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Heavily edited by committer Nico Williams <nico@twosigma.com>, original by
Joseph Sutton <josephsutton@catalyst.net.nz>.
Signed-off-by: Nico Williams <nico@twosigma.com>
[jsutton@samba.org Zero-initialised header_size in krb5_pac_parse() to
avoid a maybe-uninitialized error; added a missing check for ret == 0]
Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Heavily edited by committer Nico Williams <nico@twosigma.com>, original by
Joseph Sutton <josephsutton@catalyst.net.nz>.
Signed-off-by: Nico Williams <nico@twosigma.com>
[jsutton@samba.org Zero-initialised header_size in krb5_pac_parse() to
avoid a maybe-uninitialized error; added a missing check for ret == 0]
| third_party/heimdal/lib/krb5/pac.c | diffblobblamehistory | |
| third_party/heimdal/lib/krb5/test_pac.c | diffblobblamehistory |