freeipa

Clone
Source Code
GIT

b04f617 Heap corruption in ipapwd plugin

1 file Authored by tbordaz 7 years ago, Committed by mbasti 7 years ago,
raw patch tree parent
1 file changed. 1 lines added. 1 lines removed.
daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
file modified
+1 -1 
    Heap corruption in ipapwd plugin
    
    ipapwd_encrypt_encode_key allocates 'kset' on the heap but
    with num_keys and keys not being initialized.
    Then ipa_krb5_generate_key_data initializes them with the
    generated keys.
    If ipa_krb5_generate_key_data fails (here EINVAL meaning no
    principal->realm.data), num_keys and keys are left uninitialized.
    Upon failure, ipapwd_keyset_free is called to free 'kset'
    that contains random num_keys and keys.
    
    allocates kset with calloc so that kset->num_keys==0 and
    kset->keys==NULL
    
    https://fedorahosted.org/freeipa/ticket/6030
    
    Reviewed-By: Simo Sorce <ssorce@redhat.com>
    Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.