Site Navigation

Date:      Mon, 15 Jun 2026 13:12:10 +0000
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 120881b48248 - stable/15 - krb5: Fix null dereference in SPNEGO token processing
Message-ID:  <6a2ffa2a.3128f.45bcd2@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch stable/15 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=120881b482480bbe31ff031b3d4792d1b8159d23

commit 120881b482480bbe31ff031b3d4792d1b8159d23
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2026-06-02 17:57:17 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2026-06-15 13:11:49 +0000

    krb5: Fix null dereference in SPNEGO token processing
    
    krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
    successful decoding of the mechListMIC field.  Restore the check to
    prevent a null pointer dereference.
    
    Commit message details obtained from upstream commit.
    Obtained from:  Upstream commit 4ae75cded
    
    (cherry picked from commit efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf)
---
 crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
index 4a778364336e..1dd0f170651b 100644
--- a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
+++ b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
@@ -3517,6 +3517,8 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in,
 
 	if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) {
 		*mechListMIC = get_octet_string(&field);
+		if (*mechListMIC == GSS_C_NO_BUFFER)
+			return GSS_S_DEFECTIVE_TOKEN;
 
                 /* Handle Windows 2000 duplicate response token */
                 if (*responseToken &&

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a2ffa2a.3128f.45bcd2>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact