| commit | 4aca82c7d0d3b8249fb42e505927e2cbd80df0e3 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Mon, 15 Aug 2022 04:53:55 +0000 (15 16:53 +1200) | ||
| committer | Nicolas Williams <nico@twosigma.com> | |
| Tue, 15 Nov 2022 23:51:45 +0000 (15 17:51 -0600) | ||
| tree | 792ba91be66b7bc223b22c3fea110c2c51c169f6 | treesnapshot (tar.gz zip) |
| parent | ce6d8bbdbb84cdbdc71b981af9b35a972f61de9a | commitdiff |
gsskrb5: CVE-2022-3437 Check the result of _gsskrb5_get_mech()
We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.
Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.
Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| lib/gssapi/krb5/decapsulate.c | diffblobblamehistory |