git: a8970f585cdf - stable/12 - heimdal: Properly ix bus fault when zero-length request received

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Mon, 12 Dec 2022 14:41:30 UTC 
The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8970f585cdfca3ce8b22a4921a9490b592ef4ff

commit a8970f585cdfca3ce8b22a4921a9490b592ef4ff
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-12-08 23:22:43 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-12 14:41:17 +0000

    heimdal: Properly ix bus fault when zero-length request received
    
    Zero length client requests result in a bus fault when attempting to
    free malloc()ed pointers within the requests softc. Return an error
    when the request is zero length.
    
    This properly fixes PR/268062 without regressions.
    
    PR:             268062
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    
    (cherry picked from commit 3deefb0d147d71047a13ec2328b1b721da2ce256)
---
 crypto/heimdal/kadmin/server.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
index 19dfd89d521a..5e01277fe45b 100644
--- a/crypto/heimdal/kadmin/server.c
+++ b/crypto/heimdal/kadmin/server.c
@@ -473,6 +473,8 @@ v5_loop (krb5_context contextp,
 	ret = krb5_read_priv_message(contextp, ac, &fd, &in);
 	if(ret == HEIM_ERR_EOF)
 	    exit(0);
+	if (in.length == 0)
+	    ret = HEIM_ERR_OPNOTSUPP;
 	if(ret)
 	    krb5_err(contextp, 1, ret, "krb5_read_priv_message");
 	doing_useful_work = 1;