The branch stable/12 has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=78d44cb4b533af106f5cf1ef1603fb1f08f9594a

commit 78d44cb4b533af106f5cf1ef1603fb1f08f9594a
Author:     Cy Schubert <[email protected]>
AuthorDate: 2022-12-01 00:11:18 +0000
Commit:     Cy Schubert <[email protected]>
CommitDate: 2022-12-05 21:50:44 +0000

    heimdal: Fix bus fault when zero-length request received
    
    Zero length client requests result in a bus fault when attempting to
    free malloc()ed pointers within the request's softc. Return an error
    when the request is zero length.
    
    PR:             268062
    Reported by:    Robert Morris <[email protected]>
    
    (cherry picked from commit 6742ff42ab3b6e65239f975314060b1393e22d62)
---
 crypto/heimdal/lib/krb5/read_message.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/heimdal/lib/krb5/read_message.c 
b/crypto/heimdal/lib/krb5/read_message.c
index 4e9bd012dd67..e994b0f09133 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -55,6 +55,11 @@ krb5_read_message (krb5_context context,
        return HEIM_ERR_EOF;
     }
     len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+    if (len == 0) {
+       krb5_clear_error_message(context);
+       return HEIM_ERR_EOF;
+    }
+
     ret = krb5_data_alloc (data, len);
     if (ret) {
        krb5_clear_error_message(context);
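Review bot: The added `len == 0` branch returns `HEIM_ERR_EOF` without touching `data`, so a caller that releases the buffer on its error path still sees whatever `data` held before the call; resetting it first with `krb5_data_zero(data);` would make this failure path safe regardless of the caller. Separately, `len` still goes from the four length bytes straight into `krb5_data_alloc` with no upper bound, so a peer can presumably request an allocation of up to 4 GiB with a single header; a cap checked next to the zero test, e.g. `if (len == 0 || len > MAX_MESSAGE_LEN)` (placeholder name, limit to be chosen by the project), would close that. Returning `HEIM_ERR_EOF` also makes an empty message indistinguishable from a closed connection, which deserves a one-line comment if it is intended. The body of `krb5_read_message` starts and ends outside this hunk, so the declarations of `buf` and `len` and the earlier error branches are not visible here.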
