kgssapi_krb5: Fix a couple of bugs in krb5_import()
AcceptedPublic
Actions

Authored by markj on Apr 6 2026, 2:49 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, May 12, 2:15 AM

	Unknown Object (File)
	Mon, May 11, 4:32 PM

	Unknown Object (File)
	Sun, May 10, 5:25 AM

	Unknown Object (File)
	Sun, May 10, 5:17 AM

	Unknown Object (File)
	Sat, May 9, 9:19 AM

	Unknown Object (File)
	Sat, Apr 25, 5:04 AM

	Unknown Object (File)
	Fri, Apr 24, 5:10 AM

	Unknown Object (File)
	Fri, Apr 24, 1:45 AM

View All 16 Files

Subscribers

imp

Details

Reviewers

rmacklem

Summary

We don't bound the size of the allocation for the jitter window, so it's
possible to request up to 16GB of memory, and on 32-bit systems, the
multiplication can overflow. Bound the allocation to the size of the
context.

Ensure that km_elem is freed if we hit the error case.

Reported by: AEGIS and Equilateral AI

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 71990
Build 68873: arc lint + arc unit

Event Timeline

markj created this revision.Apr 6 2026, 2:49 PM

Herald added a subscriber: imp. · View Herald TranscriptApr 6 2026, 2:49 PM

markj requested review of this revision.Apr 6 2026, 2:49 PM

Harbormaster completed remote builds in B71990: Diff 174967.Apr 6 2026, 2:49 PM

Looks ok to me. Of course, since we no longer
use Heimdal, I'm not sure it matters?
(Maybe to MFC to FreeBSD-14?)

This revision is now accepted and ready to land.Apr 6 2026, 2:56 PM

Revision Contents
Changeset List

Path

Size

sys/

kgssapi/

krb5/

krb5_mech.c

15 lines

Diff 174967

View Options

sys/kgssapi/krb5/krb5_mech.c

kgssapi_krb5: Fix a couple of bugs in krb5_import()AcceptedPublicActions