authorCy Schubert <cy@FreeBSD.org>2022-12-08 23:22:43 +0000
committerCy Schubert <cy@FreeBSD.org>2022-12-12 14:40:33 +0000
commit08c3ed3469de06199b1a8e2176df3c2e802b0519 (patch)
tree1460f58efce73753fe7ef1e73130a62845ea517e
parent293ff98462a74ca16638f70c24bee36b42da6aa4 (diff)
heimdal: Properly ix bus fault when zero-length request received
Zero-length client requests result in a bus fault when attempting to free malloc()ed pointers within the request's softc. Return an error when the request is zero length. This properly fixes PR/268062 without regressions. PR: 268062 Reported by: Robert Morris <rtm@lcs.mit.edu> (cherry picked from commit 3deefb0d147d71047a13ec2328b1b721da2ce256)
-rw-r--r--crypto/heimdal/kadmin/server.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
index 19dfd89d521a..5e01277fe45b 100644
--- a/crypto/heimdal/kadmin/server.c
+++ b/crypto/heimdal/kadmin/server.c
@@ -473,6 +473,8 @@ v5_loop (krb5_context contextp,
ret = krb5_read_priv_message(contextp, ac, &fd, &in);
if(ret == HEIM_ERR_EOF)
exit(0);
+ if (in.length == 0)
+ ret = HEIM_ERR_OPNOTSUPP;
if(ret)
krb5_err(contextp, 1, ret, "krb5_read_priv_message");
doing_useful_work = 1;
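Review bot: The added `in.length == 0` test runs before `if(ret)`, so it is also evaluated when `krb5_read_priv_message` has already failed with an error other than `HEIM_ERR_EOF`. In that case the original error code is replaced by `HEIM_ERR_OPNOTSUPP` in the `krb5_err` message, and `in.length` is read from a buffer the failed call may not have populated (its failure-path contract is not visible in this hunk). Gating the check on success keeps the real error and avoids the read: `if (ret == 0 && in.length == 0) ret = HEIM_ERR_OPNOTSUPP;`. A short comment such as `/* reject empty requests: later code frees fields that are never set up for them */` would record why the check exists. The body of `v5_loop` starts and continues outside the hunk, so how `in` is initialised before the call cannot be confirmed here.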