|
|
b58328 |
From 61db30080726bfc4832b8516b335734a5246ac0b Mon Sep 17 00:00:00 2001
|
|
|
b58328 |
From: Simo Sorce <simo@redhat.com>
|
|
|
b58328 |
Date: Mon, 16 Sep 2019 11:12:25 -0400
|
|
|
b58328 |
Subject: [PATCH] Make sure to have storage space for tag
|
|
|
b58328 |
|
|
|
b58328 |
ber_scanf expects a pointer to a ber_tag_t to return the tag pointed at
|
|
|
b58328 |
by "t", if that is not provided the pointer will be store in whatever
|
|
|
b58328 |
memory location is pointed by the stack at that time causeing a crash.
|
|
|
b58328 |
|
|
|
b58328 |
Note that this is effectively unused code because in ipa-kdb the only
|
|
|
b58328 |
party that can write a key_data structure to be stored is te kdb_driver
|
|
|
b58328 |
itself and we never encode these s2kparam data.
|
|
|
b58328 |
|
|
|
b58328 |
But we need to handle this for future proofing.
|
|
|
b58328 |
|
|
|
b58328 |
Fixes #8071
|
|
|
b58328 |
|
|
|
b58328 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
b58328 |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
b58328 |
---
|
|
|
b58328 |
util/ipa_krb5.c | 2 +-
|
|
|
b58328 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
b58328 |
|
|
|
b58328 |
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
|
|
|
b58328 |
index a27cd4a4e538c738c6ab2157a4daabf8fea7661c..c09c3daa505655f2e5292a79c03683faa75ad244 100644
|
|
|
b58328 |
--- a/util/ipa_krb5.c
|
|
|
b58328 |
+++ b/util/ipa_krb5.c
|
|
|
b58328 |
@@ -554,7 +554,7 @@ int ber_decode_krb5_key_data(struct berval *encoded, int *m_kvno,
|
|
|
b58328 |
retag = ber_peek_tag(be, &setlen);
|
|
|
b58328 |
if (retag == (LBER_CONSTRUCTED | LBER_CLASS_CONTEXT | 2)) {
|
|
|
b58328 |
/* not supported yet, skip */
|
|
|
b58328 |
- retag = ber_scanf(be, "t[x]}");
|
|
|
b58328 |
+ retag = ber_scanf(be, "t[x]}", &tag;;
|
|
|
b58328 |
} else {
|
|
|
b58328 |
retag = ber_scanf(be, "}");
|
|
|
b58328 |
}
|
|
|
b58328 |
--
|
|
|
b58328 |
2.23.0
|
|
|
b58328 |
|