git: 6b421e431a2d - stable/13 - heimdal: Fix NULL deref
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 Feb 2024 13:44:23 UTC
The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=6b421e431a2de6eb9e8bd670efffe76e6617d520 commit 6b421e431a2de6eb9e8bd670efffe76e6617d520 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-02-15 15:41:07 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-02-21 13:44:09 +0000 heimdal: Fix NULL deref A flawed logical condition allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token. Upstream notes: Reported to Heimdal by Michał Kępień <michal@isc.org>. From the report: Acknowledgement --------------- This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND TKEY Query Heap-based Buffer Overflow Remote Code Execution Vulnerability, which was reported to ISC by Trend Micro's Zero Day Security: CVE-2022-3116 Obtained from: upstream 7a19658c1 (cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a) --- crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c index b60dc19ad8e3..48542f06fcbe 100644 --- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -605,7 +605,7 @@ acceptor_start * If opportunistic token failed, lets try the other mechs. */ - if (!first_ok && ni->mechToken != NULL) { + if (!first_ok) { size_t j; preferred_mech_type = GSS_C_NO_OID;