git: efb5c07f91c5 - main - krb5: Fix null dereference in SPNEGO token processing
Date: Mon, 08 Jun 2026 13:52:38 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf
commit efb5c07f91c5c11fb9bd32227ac74c2d08adf3cf
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2026-06-02 17:57:17 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2026-06-08 13:52:04 +0000
krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
MFC after: 3 days
---
crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
index 4a778364336e..1dd0f170651b 100644
--- a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
+++ b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c
@@ -3517,6 +3517,8 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in,
if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) {
*mechListMIC = get_octet_string(&field);
+ if (*mechListMIC == GSS_C_NO_BUFFER)
+ return GSS_S_DEFECTIVE_TOKEN;
/* Handle Windows 2000 duplicate response token */
if (*responseToken &&
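Review bot: the new early return at `return GSS_S_DEFECTIVE_TOKEN;` exits while other output parameters may already be populated, since the context line right after it tests `*responseToken`. Please confirm the caller releases those buffers when get_negTokenResp() fails, or free them here before returning, so a malformed mechListMIC field does not become a per-token leak. The return also does not touch `*minor_status`, so check that it is initialized earlier in the function. A one-line comment saying that get_octet_string() yields GSS_C_NO_BUFFER on a failed decode would make it harder for the check to be dropped again. Since the diffstat shows only spnego_mech.c changing, a regression test that feeds a negTokenResp with an undecodable `CONTEXT | 0x03` field would also be worth adding.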