Package: krb5-pkinit
Version: 1.15-1
Severity: normal
Dear Maintainer,
In the file /krb5-1.15.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
I have found the constant:
#define DN_BUF_LEN 256
So, the size of the DN is limited to 256 bytes. It is very small and can be
easily overflowed, especially if the DN contains utf8-encoded CN/O/OU.
In this case PKINIT failed with the error 'stack smashing detected'.
Please consider increasing DN_BUF_LEN or using dynamic memory allocation
for the DN buffer.
-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8),
LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages krb5-pkinit depends on:
ii libc6 2.24-11+deb9u1
ii libcomerr2 1.43.4-2
ii libk5crypto3 1.15-1
ii libkeyutils1 1.5.9-9
ii libkrb5-3 1.15-1
ii libkrb5support0 1.15-1
ii libssl1.1 1.1.0f-3
krb5-pkinit recommends no packages.
Versions of packages krb5-pkinit suggests:
ii opensc 0.16.0-3
-- no debconf information
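
Added example, not part of the original report and not krb5 code: a sketch of the "dynamic memory allocation" option the report asks for, measuring the rendered DN before allocating instead of writing into a fixed DN_BUF_LEN array. It assumes the DN is rendered in an escaped one-line form where every byte outside printable ASCII becomes \xXX (the style OpenSSL's X509_NAME_oneline produces); the helper names and the sample subject are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DN_BUF_LEN 256 /* constant quoted in the report */
/* Assumption: bytes outside printable ASCII are rendered as \xXX (4 chars). */
static int needs_escape(unsigned char c) { return c < 0x20 || c > 0x7e; }

/* Length of the rendered "/RDN/RDN..." string, excluding the NUL. */
size_t dn_rendered_len(const char *const *rdns, size_t n)
{
    size_t len = n; /* one leading '/' per RDN */
    for (size_t i = 0; i < n; i++)
        for (const unsigned char *s = (const unsigned char *)rdns[i]; *s; s++)
            len += needs_escape(*s) ? 4 : 1;
    return len;
}

/* Hypothetical replacement for char buf[DN_BUF_LEN]: measure first, then
 * allocate exactly that much. Caller frees; NULL on allocation failure. */
char *dn_render_alloc(const char *const *rdns, size_t n)
{
    size_t len = dn_rendered_len(rdns, n);
    char *buf = malloc(len + 1), *p = buf;
    if (buf == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        *p++ = '/';
        for (const unsigned char *s = (const unsigned char *)rdns[i]; *s; s++)
            if (needs_escape(*s))
                p += snprintf(p, 5, "\\x%02X", (unsigned)*s);
            else
                *p++ = (char)*s;
    }
    *p = '\0';
    return buf;
}

/* Constructed sample subject: short as raw UTF-8, long once escaped. */
static const char *const sample_dn[] = {
    "CN=Иванов Иван Иванович",
    "OU=Отдел информационной безопасности",
};

int main(void)
{
    char *dn = dn_render_alloc(sample_dn, 2);
    if (dn == NULL) return 1;
    printf("rendered: %zu bytes, DN_BUF_LEN: %d\n", strlen(dn), DN_BUF_LEN);
    free(dn);
    return 0;
}
```

The sample subject is well under 256 bytes as raw UTF-8 but exceeds DN_BUF_LEN once each Cyrillic byte is expanded to four characters, which is why a length check on the unescaped input alone is not sufficient.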