]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9f2e70a) | patch
heimdal: Fix NULL deref
authorCy Schubert <cy@FreeBSD.org>
Thu, 15 Feb 2024 15:41:07 +0000 (07:41 -0800)
committerCy Schubert <cy@FreeBSD.org>
Wed, 21 Feb 2024 14:01:48 +0000 (06:01 -0800)
commit88bdc4bb60df6aab4457d244c5fbf4b56b22ff6d
tree4fe362760ba0ebddd569d24f6cd9c5002c896adctree | snapshot
parent9f2e70a87d6ed48df418e1f7a3ccc09b469c2dadcommit | diff
heimdal: Fix NULL deref

A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security: CVE-2022-3116
Obtained from: upstream 7a19658c1
MFS requested by: re (cperciva)
Approved by: re (cperciva)

(cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a)
(cherry picked from commit 6b421e431a2de6eb9e8bd670efffe76e6617d520)
crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.