[Bug 267912] kadmind dereferences NULL if client sends mangled realm message

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 22 Nov 2022 17:54:12 UTC

--- Comment #1 from Robert Morris <rtm@lcs.mit.edu> ---
Further, _kadm5_unmarshal_params() lets the client set any bits in
params->mask, but only tries to read params->realm, leaving the other
params-> fields unset despite bits set by the client. One consequence
is that the client can cause _kadm5_s_init_context() to crash in some
of these lines:

        (*ctx)->config.dbname = strdup(params->dbname);
        (*ctx)->config.acl_file = strdup(params->acl_file);
        (*ctx)->config.stash_file = strdup(params->stash_file);

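The mismatch described in Comment #1, and one way to close it, as an added example that is not part of the bug report and is not Heimdal or FreeBSD code. The mask bits, structs and function names are hypothetical stand-ins for the pattern: the decoder keeps only the mask bits whose fields it actually read, and the consumer refuses a set bit that has a NULL field instead of passing it to a string copy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bits and structs modelling the pattern; not Heimdal's definitions. */
#define P_REALM      0x1u
#define P_DBNAME     0x2u
#define P_ACL_FILE   0x4u
#define P_STASH_FILE 0x8u
struct params { uint32_t mask; char *realm, *dbname, *acl_file, *stash_file; };
struct config { char *dbname, *acl_file, *stash_file; };

/* Portable stand-in for strdup(); the caller guarantees s != NULL. */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* Decode: the wire message carries a client-chosen mask but only a realm.
 * The stored mask is rebuilt from the fields that were really decoded. */
static void unmarshal_params(uint32_t wire_mask, const char *wire_realm,
                             struct params *p) {
    memset(p, 0, sizeof(*p));
    if ((wire_mask & P_REALM) && wire_realm != NULL) {
        p->realm = dup_str(wire_realm);
        if (p->realm != NULL) p->mask |= P_REALM;
    }
    /* Bits for dbname/acl_file/stash_file are dropped: nothing was read. */
}

/* Copy one field: 0 if not requested or copied, -1 if the bit is set
 * but the field is NULL (inconsistent params) or allocation failed. */
static int copy_field(uint32_t mask, uint32_t bit, const char *src, char **dst) {
    if (!(mask & bit)) return 0;
    if (src == NULL) return -1;
    *dst = dup_str(src);
    return *dst ? 0 : -1;
}

/* Consumer: defence in depth even if a caller hands in a bad mask. */
static int init_config(const struct params *p, struct config *c) {
    memset(c, 0, sizeof(*c));
    if (copy_field(p->mask, P_DBNAME, p->dbname, &c->dbname) ||
        copy_field(p->mask, P_ACL_FILE, p->acl_file, &c->acl_file) ||
        copy_field(p->mask, P_STASH_FILE, p->stash_file, &c->stash_file)) {
        free(c->dbname); free(c->acl_file); free(c->stash_file);
        memset(c, 0, sizeof(*c));
        return -1;
    }
    return 0;
}
```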