Date: Mon, 12 Dec 2022 14:40:55 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 08c3ed3469de - stable/13 - heimdal: Properly ix bus fault when zero-length request received Message-ID: <202212121440.2BCEetIJ080231@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=08c3ed3469de06199b1a8e2176df3c2e802b0519 commit 08c3ed3469de06199b1a8e2176df3c2e802b0519 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-12-08 23:22:43 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-12-12 14:40:33 +0000 heimdal: Properly ix bus fault when zero-length request received Zero length client requests result in a bus fault when attempting to free malloc()ed pointers within the requests softc. Return an error when the request is zero length. This properly fixes PR/268062 without regressions. PR: 268062 Reported by: Robert Morris <rtm@lcs.mit.edu> (cherry picked from commit 3deefb0d147d71047a13ec2328b1b721da2ce256) --- crypto/heimdal/kadmin/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 19dfd89d521a..5e01277fe45b 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -473,6 +473,8 @@ v5_loop (krb5_context contextp, ret = krb5_read_priv_message(contextp, ac, &fd, &in); if(ret == HEIM_ERR_EOF) exit(0); + if (in.length == 0) + ret = HEIM_ERR_OPNOTSUPP; if(ret) krb5_err(contextp, 1, ret, "krb5_read_priv_message"); doing_useful_work = 1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202212121440.2BCEetIJ080231>