1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/third_party
Joseph Sutton ba60f64752 CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.

In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.

That would be undefined behaviour.

The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-25 10:31:34 +00:00
..
aesni-intel lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC 2019-12-10 20:30:57 +00:00
cmocka third_party:cmocka: Fix build when used in lib/tevent 2021-07-07 05:07:30 +00:00
gpfs third_party: Update gpfs.h to 5.0.5.3 version 2020-10-05 20:06:04 +00:00
heimdal CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad() 2022-10-25 10:31:34 +00:00
heimdal_build CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem 2022-10-25 10:31:33 +00:00
nss_wrapper third_party: Update nss_wraper to version 1.1.12 2022-06-24 22:29:33 +00:00
pam_wrapper third_party: Update pam_wrapper to version 1.1.4 2021-10-28 19:03:04 +00:00
popt third_party/popt/wscript: update to handle waf 2.0.4 2018-09-05 06:37:24 +02:00
resolv_wrapper waf: Fix resolv_wrapper with glibc 2.34 2021-11-05 11:44:30 +00:00
socket_wrapper third_party: Update socket_wrapper to version 1.3.4 2022-07-22 04:36:30 +00:00
uid_wrapper third_party: Link uid_wrapper against pthread 2019-09-25 15:39:40 +00:00
waf third_party: Reformat shell scripts 2022-08-10 14:14:04 +00:00
update.sh third_party: Reformat shell scripts 2022-08-10 14:14:04 +00:00
wscript third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher 2022-04-04 19:31:28 +00:00