From nobody Mon Jun 15 13:12:11 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gf9Wc0LBvz6hKZx for ; Mon, 15 Jun 2026 13:12:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gf9Wb5rV1z3ZVW for ; Mon, 15 Jun 2026 13:12:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781529131; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0EeSQfjshBw1z65pfhBpqXsVXj3Z+coMzYwnESLOEXo=; b=l6wqPlWwg1KrrX/y8RSsOAM0XSX/TJNmk41P2+KgGRFyglhgb6lIL+0hiY8Q7OBHq0Gqhm Jt5w4Sla7XoOT5jTF0NjKS90ypHIHa6oHOgPNpvKNSPhJ3PWM9KPkRacMRBMBQZU1qcuw0 1z3M8yvZK0ol6aiVXzVRu9859QGgQXE1nGpNNmNK2yTaq6AGMfgj7OeP4+bk5LY0/iL06w IMXvs6Ff45a6m2gFZWNzJ61+b6pEoLb7t+rzWZrmjQCGCXru9Kd1mXxZW6AspTRqlpE9Q3 8et2TqdwApX7QlliUKIfe6Odavi0vJD6OiDr0xXuySYCeBIgvlMELG+NBseJfQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781529131; a=rsa-sha256; cv=none; b=MYw0oBdPz7jRuIDKmcQBHTU5R2JRFvbFLjhQ5P6fEMDPfQpHfWBKfWiFTRihKDFtoquBlT 7q0Q7wIt+4sQiqWdDX50bguiyfEhb2RXiROTVNUzXMZVXNIfiZlVvZOw8r4WP5SBy+DPj/ CBQMo4xFRvAba6X5QmAYr1i9YJXaP4kKtH22Q/78vKgM6u04nC3iH/Ujxc/6iWwID7qGQJ eM98lTKyDfLp+qM3IDkGLHkjUm+27qiN795LHfqsOP4Bv350v/l9uVPUSirYhwuj95BvgY H3afmZcR86hTmkR5jXDR/UORhW4RKEzZje+34F70vpsY3vXW31H/kVT3ASE1Rw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781529131; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0EeSQfjshBw1z65pfhBpqXsVXj3Z+coMzYwnESLOEXo=; b=G5uRKU8GftuBDvF5ioosivyeoApln8byKFMn/xLx5Ss/QQJ5lacW88sSLCL22au/YHiqH2 IJhzdkRcvYRuYrH+j5lnaC6LfqCBl9bP8t7qaj/QUH6st4Zrp27kbwU+bgfVzUCPRGcqxs isbhmDxlGGuj8gQ8eVtjD96F1+fyn8Regsybb0TTjIZ2/FbxgCEAQ8ofQmrc+0kLM8z6k0 jCeH6zvABoKIz+xx16f9vY5J8ENyeB93C0zi/78dbMzU4PNnKCDZ/rby19WZ43a0n1GlOQ d8blR9XFCJwjGO8PK3ZVPZl9ENkAYpWwErVyzuT19KuEXsu3cJhnKsn+hjB9uA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gf9Wb5JrpzwXP for ; Mon, 15 Jun 2026 13:12:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 30ee0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 15 Jun 2026 13:12:11 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 27691b8b9303 - stable/15 - krb5: Fix reachable assert when importing krb5 names List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 27691b8b9303c6fec89a6dcb9c56f8c8f0f5e69c Auto-Submitted: auto-generated Date: Mon, 15 Jun 2026 13:12:11 +0000 Message-Id: <6a2ffa2b.30ee0.1444e6af@gitrepo.freebsd.org> The branch stable/15 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=27691b8b9303c6fec89a6dcb9c56f8c8f0f5e69c commit 27691b8b9303c6fec89a6dcb9c56f8c8f0f5e69c Author: Cy Schubert AuthorDate: 2026-06-02 18:09:43 +0000 Commit: Cy Schubert CommitDate: 2026-06-15 13:11:49 +0000 krb5: Fix reachable assert when importing krb5 names If a name token contains trailing garbage, error out from krb5_gss_import_name() instead of crashing the process with an assertion failure. Commit message details obtained from upstream commit. Obtained from: upstream commit 07818f1fd Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken) to krb5-bugs MFC after: 3 days (cherry picked from commit fce16f60de9718be6b789f00e86141a84cd920d3) --- crypto/krb5/src/lib/gssapi/krb5/import_name.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/krb5/src/lib/gssapi/krb5/import_name.c b/crypto/krb5/src/lib/gssapi/krb5/import_name.c index a067d0742331..b4c29b442511 100644 --- a/crypto/krb5/src/lib/gssapi/krb5/import_name.c +++ b/crypto/krb5/src/lib/gssapi/krb5/import_name.c @@ -297,7 +297,8 @@ import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer, goto fail_name; cp += length; } - assert(cp == end); + if (cp != end) + goto fail_name; } else { status = GSS_S_BAD_NAMETYPE; goto cleanup;