Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/heimdal/dist/lib/krb5 https://orpheus-ly...



details:   https://anonhg.NetBSD.org/src/rev/26c0ddf2fae5
branches:  trunk
changeset: 825362:26c0ddf2fae5
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Jul 11 17:45:31 2017 +0000

description:
https://orpheus-lyre.info/design/index.html
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
the encrypted version stored in 'enc_part' instead of the unencrypted
version stored in 'ticket'.  Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

XXX: pullup 6, 7, 8.

diffstat:

 crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (20 lines):

diff -r ff8912d6a177 -r 26c0ddf2fae5 crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c
--- a/crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c        Tue Jul 11 15:39:31 2017 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c        Tue Jul 11 17:45:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ticket.c,v 1.2 2017/01/28 21:31:49 christos Exp $      */
+/*     $NetBSD: ticket.c,v 1.3 2017/07/11 17:45:31 christos Exp $      */
 
 /*
  * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
@@ -707,8 +707,8 @@
     /* check server referral and save principal */
     ret = _krb5_principalname2krb5_principal (context,
                                              &tmp_principal,
-                                             rep->kdc_rep.ticket.sname,
-                                             rep->kdc_rep.ticket.realm);
+                                             rep->enc_part.sname,
+                                             rep->enc_part.realm);
     if (ret)
        goto out;
     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
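
Review bot: The comment above the _krb5_principalname2krb5_principal() call still reads only "check server referral and save principal", so nothing in the code records why the arguments must be rep->enc_part.sname and rep->enc_part.realm rather than the rep->kdc_rep.ticket fields. Suggest extending that comment to state that the service name and realm are taken from the encrypted part because the copies in the ticket are unencrypted, as the commit message explains, so that a later cleanup does not switch them back. The two argument lines are the entire security fix, so a regression test that feeds a reply whose ticket.sname differs from enc_part.sname and checks which one ends up in tmp_principal would also be worth adding alongside it.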


