kgssapi_krb5: Fix a couple of bugs in krb5_import()
AcceptedPublic
Actions

Authored by markj on Mon, Apr 6, 2:49 PM.

Details

Reviewers

Summary

We don't bound the size of the allocation for the jitter window, so it's
possible to request up to 16GB of memory, and on 32-bit systems, the
multiplication can overflow. Bound the allocation to the size of the
context.

Ensure that km_elem is freed if we hit the error case.

Reported by: AEGIS and Equilateral AI

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 71990
Build 68873: arc lint + arc unit

Event Timeline

markj created this revision.Mon, Apr 6, 2:49 PM

Herald added a subscriber: imp. · View Herald TranscriptMon, Apr 6, 2:49 PM

markj requested review of this revision.Mon, Apr 6, 2:49 PM

Harbormaster completed remote builds in B71990: Diff 174967.Mon, Apr 6, 2:49 PM

Looks ok to me. Of course, since we no longer
use Heimdal, I'm not sure it matters?
(Maybe to MFC to FreeBSD-14?)

This revision is now accepted and ready to land.Mon, Apr 6, 2:56 PM

Revision Contents
Changeset List

Path

Size

sys/

kgssapi/

krb5/

krb5_mech.c

15 lines

Diff 174967

View Options

sys/kgssapi/krb5/krb5_mech.c

kgssapi_krb5: Fix a couple of bugs in krb5_import()AcceptedPublicActions