Package: krb5-pkinit
Version: 1.15-1
Severity: normal

Dear Maintainer,

In file /krb5-1.15.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h I have found constant:

#define DN_BUF_LEN  256

So, the size of DN is limited by 256 bytes. It is very small and can be easily overflowed, especially if DN contains utf8-encoded CN/O/OU.
In this case PKINIT failed with error 'stack smashing detected'.

Please, consider to increase DN_BUF_LEN or use dynamic memory allocation for DN buffer.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages krb5-pkinit depends on:
ii  libc6            2.24-11+deb9u1
ii  libcomerr2       1.43.4-2
ii  libk5crypto3     1.15-1
ii  libkeyutils1     1.5.9-9
ii  libkrb5-3        1.15-1
ii  libkrb5support0  1.15-1
ii  libssl1.1        1.1.0f-3

krb5-pkinit recommends no packages.

Versions of packages krb5-pkinit suggests:
ii  opensc  0.16.0-3

-- no debconf information

Reply via email to