sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ

Browse Source 
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770

[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]

RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ

Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Luke Howard 2021-08-27 11:42:48 +10:00 committed by Andreas Schneider
parent 15f9f040fe
commit 0cb4b939f1
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source4/heimdal/kdc/krb5tgs.c
View File

@ -1603,6 +1603,10 @@ tgs_build_reply(krb5_context context,
s = &adtkt.cname;
r = adtkt.crealm;
} else if (s == NULL) {
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
krb5_set_error_message(context, ret, "No server in request");
goto out;
}
_krb5_principalname2krb5_principal(context, &sp, *s, r);