packages/libgsasl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libgsasl/CVE-2022-2469.patch
starlet-dx e26ff3c918 Fix CVE-2022-2469 
(cherry picked from commit 36de747bf933c5ea53f093fded18f145324cbee9)
2024-03-27 10:32:18 +08:00

29 lines
902 B
Diff
Raw Blame History

From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 15 Jul 2022 16:23:58 +0200
Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).
Origin:
https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30
---
gssapi/server.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gssapi/server.c b/gssapi/server.c
index 4a5dfd7..a93e454 100644
--- a/gssapi/server.c
+++ b/gssapi/server.c
@@ -225,6 +225,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
FALSE, and responds with the generated output_message. The
client can then consider the server authenticated. */
+ if (bufdesc2.length < 4)
+ return GSASL_AUTHENTICATION_ERROR;
+
if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)
{
/* Integrity or privacy unsupported */
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink