git: 91db848212e3 - main - heimdal: Handle other types of garbage data

Thu, 24 Nov 2022 09:27:01 -0800 

The branch main has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=91db848212e3b95cc689a1e8133a1d550b524919

commit 91db848212e3b95cc689a1e8133a1d550b524919
Author:     Cy Schubert <[email protected]>
AuthorDate: 2022-11-24 15:07:43 +0000
Commit:     Cy Schubert <[email protected]>
CommitDate: 2022-11-24 17:23:23 +0000

    heimdal: Handle other types of garbage data
    
    In addition to garbage realm data, also handle garbage dbname, acl_file,
    stash_file, and invalid bitmask garbage data.
    
    PR:             267912
    Reported by:    Robert Morris <[email protected]>
    MFC after:      3 days
---
 crypto/heimdal/lib/kadm5/marshall.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/crypto/heimdal/lib/kadm5/marshall.c 
b/crypto/heimdal/lib/kadm5/marshall.c
index 38b9855021b2..fa7388b692fe 100644
--- a/crypto/heimdal/lib/kadm5/marshall.c
+++ b/crypto/heimdal/lib/kadm5/marshall.c
@@ -333,12 +333,38 @@ _kadm5_unmarshal_params(krb5_context context,
     ret = krb5_ret_int32(sp, &mask);
     if (ret)
        goto out;
+    if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME
+       & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) {
+           ret = EINVAL;
+           goto out;
+    }
     params->mask = mask;
 
     if (params->mask & KADM5_CONFIG_REALM) {
        ret = krb5_ret_string(sp, &params->realm);
        if (params->realm == NULL) {
            ret = EINVAL;
+           goto out;
+       }
+    }
+    if (params->mask & KADM5_CONFIG_DBNAME) {
+       ret = krb5_ret_string(sp, &params->dbname);
+       if (params->dbname == NULL) {
+           ret = EINVAL;
+           goto out;
+       }
+    }
+    if (params->mask & KADM5_CONFIG_ACL_FILE) {
+       ret = krb5_ret_string(sp, &params->acl_file);
+       if (params->acl_file == NULL) {
+           ret = EINVAL;
+           goto out;
+       }
+    }
+    if (params->mask & KADM5_CONFIG_STASH_FILE) {
+       ret = krb5_ret_string(sp, &params->stash_file);
+       if (params->stash_file == NULL) {
+           ret = EINVAL;
        }
     }
  out:

Reply via email to