Date: Mon, 08 Jun 2026 13:52:38 +0000 From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: efb5c07f91c5 - main - krb5: Fix null dereference in SPNEGO token processing Message-ID: <6a26c926.43203.3b2a8200@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf commit efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2026-06-02 17:57:17 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2026-06-08 13:52:04 +0000 krb5: Fix null dereference in SPNEGO token processing krb5 1.22.1 erroneously removed a check from get_negTokenResp() for successful decoding of the mechListMIC field. Restore the check to prevent a null pointer dereference. Commit message details obtained from upstream commit. Obtained from: Upstream commit 4ae75cded MFC after: 3 days --- crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c index 4a778364336e..1dd0f170651b 100644 --- a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c +++ b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c @@ -3517,6 +3517,8 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in, if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) { *mechListMIC = get_octet_string(&field); + if (*mechListMIC == GSS_C_NO_BUFFER) + return GSS_S_DEFECTIVE_TOKEN; /* Handle Windows 2000 duplicate response token */ if (*responseToken &&home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a26c926.43203.3b2a8200>