Date: Mon, 5 Dec 2022 21:50:35 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 95240a65fb18 - stable/13 - heimdal: Fix bus fault when zero-length request received Message-ID: <202212052150.2B5LoZwt093064@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=95240a65fb18985378988d5077fbac43fba30c5c commit 95240a65fb18985378988d5077fbac43fba30c5c Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-12-01 00:11:18 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-12-05 21:50:28 +0000 heimdal: Fix bus fault when zero-length request received Zero length client requests result in a bus fault when attempting to free malloc()ed pointers within the requests softc. Return an error when the request is zero length. PR: 268062 Reported by: Robert Morris <rtm@lcs.mit.edu> (cherry picked from commit 6742ff42ab3b6e65239f975314060b1393e22d62) --- crypto/heimdal/lib/krb5/read_message.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c index 4e9bd012dd67..e994b0f09133 100644 --- a/crypto/heimdal/lib/krb5/read_message.c +++ b/crypto/heimdal/lib/krb5/read_message.c @@ -55,6 +55,11 @@ krb5_read_message (krb5_context context, return HEIM_ERR_EOF; } len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; + if (len == 0) { + krb5_clear_error_message(context); + return HEIM_ERR_EOF; + } + ret = krb5_data_alloc (data, len); if (ret) { krb5_clear_error_message(context);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202212052150.2B5LoZwt093064>