Submitted by: Tomas Hoger <thoger@redhat.com>

Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).

Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).
cca1cd9a · Dr. Stephen Henson · 2c772c87 · cca1cd9a · cca1cd9a
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

CHANGES CHANGES +6 -0

ssl/kssl.c ssl/kssl.c +3 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -909,6 +909,12 @@

  *) Change 'Configure' script to enable Camellia by default.
     [NTT]
+  
+   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
+  
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]

 Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]


--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                     KRB5_NT_SRV_HST, &princ);

+    if (krb5rc)
+	goto exit;
+
    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                princ,
                                0 /* IGNORE_VNO */,