diff options
author | Cy Schubert <cy@FreeBSD.org> | 2022-12-08 23:22:43 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2022-12-12 14:40:33 +0000 |
commit | 08c3ed3469de06199b1a8e2176df3c2e802b0519 (patch) | |
tree | 1460f58efce73753fe7ef1e73130a62845ea517e | |
parent | 293ff98462a74ca16638f70c24bee36b42da6aa4 (diff) | |
download | src-08c3ed3469de06199b1a8e2176df3c2e802b0519.tar.gz src-08c3ed3469de06199b1a8e2176df3c2e802b0519.zip |
heimdal: Properly ix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
This properly fixes PR/268062 without regressions.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
(cherry picked from commit 3deefb0d147d71047a13ec2328b1b721da2ce256)
-rw-r--r-- | crypto/heimdal/kadmin/server.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 19dfd89d521a..5e01277fe45b 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -473,6 +473,8 @@ v5_loop (krb5_context contextp, ret = krb5_read_priv_message(contextp, ac, &fd, &in); if(ret == HEIM_ERR_EOF) exit(0); + if (in.length == 0) + ret = HEIM_ERR_OPNOTSUPP; if(ret) krb5_err(contextp, 1, ret, "krb5_read_priv_message"); doing_useful_work = 1; |