heimdal: Fix NULL deref

A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.

Upstream notes:

    Reported to Heimdal by Michał Kępień <michal@isc.org>.

    From the report:

    Acknowledgement
    ---------------

    This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
    TKEY Query Heap-based Buffer Overflow Remote Code Execution
    Vulnerability, which was reported to ISC by Trend Micro's Zero Day

Security:	CVE-2022-3116
Obtained from:	upstream 7a19658c1

(cherry picked from commit fc773115fa2dbb6c01377f2ed47dabf79a4e361a)
Cy Schubert 2024-02-15 07:41:07 -08:00
parent b1b256dd0f
commit 5b7c923d95

@ -605,7 +605,7 @@ acceptor_start
* If opportunistic token failed, lets try the other mechs.
*/
if (!first_ok && ni->mechToken != NULL) {
if (!first_ok) {
size_t j;
preferred_mech_type = GSS_C_NO_OID;
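
Review bot: In the `if (!first_ok ...)` condition of acceptor_start, dropping the `ni->mechToken != NULL` test (reading the first `if` line as the removed one and the second as the added one, since the +/- markers did not survive on this page) means the fallback block now also runs for a negTokenInit that carries no mechToken, so any use of `ni->mechToken` inside or after that block needs its own NULL check, and the visible context stops at `preferred_mech_type = GSS_C_NO_OID;` without showing one. Please confirm this against the full function, extend the comment above the condition to say that the other mechs are also tried when no opportunistic token was sent, and add a regression test that passes acceptor_start a negTokenInit without a mechToken.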