krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for successful decoding of the mechListMIC field. Restore the check to prevent a null pointer dereference. Commit message details obtained from upstream commit. Obtained from: Upstream commit 4ae75cded MFC after: 3 days
@@ -3517,6 +3517,8 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in,
|
|||||||
|
|
||||||
if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) {
|
if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) {
|
||||||
*mechListMIC = get_octet_string(&field);
|
*mechListMIC = get_octet_string(&field);
|
||||||
|
if (*mechListMIC == GSS_C_NO_BUFFER)
|
||||||
|
return GSS_S_DEFECTIVE_TOKEN;
|
||||||
|
|
||||||
/* Handle Windows 2000 duplicate response token */
|
/* Handle Windows 2000 duplicate response token */
|
||||||
if (*responseToken &&
|
if (*responseToken &&
|
||||||
|
|||||||
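Review bot: The restored `if (*mechListMIC == GSS_C_NO_BUFFER)` check has no comment tying it to the code it protects, and the commit message says this same check was removed by mistake in 1.22.1. A short comment above it would make the dependency explicit, for example `/* get_octet_string() can fail; the duplicate-token test below dereferences *mechListMIC. */`. That dependency is inferred here, because the `if (*responseToken &&` condition continues outside the hunk. Since the input is a peer-supplied SPNEGO token, a regression test that feeds a negTokenResp with an undecodable mechListMIC field and expects `GSS_S_DEFECTIVE_TOKEN` would keep the check from being dropped again. It is also worth confirming that the caller releases any `*responseToken` already decoded when this early return is taken, as the hunk does not show that cleanup.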