From 43958af1d50f0185e21e6cd74110c455ee8996af Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 30 Jan 2019 23:49:07 +0200
Subject: [PATCH] CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
---
source4/heimdal/kdc/krb5tgs.c | 7 +
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a888788bb6f..ff7d93138c0 100644
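--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1925,6 +1925,13 @@ tgs_build_reply(krb5_context context,
 goto out;
 }
 
+ if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+ free_PA_S4U2Self(&self);
+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto out;
+ }
+
 ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
 if (ret)
 goto out;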
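Review bot: The rejection message at the new `kdc_log` call does not record which checksum type was refused, so an operator reading the KDC log cannot tell an outdated client from a request that was altered in transit. Because `free_PA_S4U2Self(&self)` runs before the log call, the type should be logged first, e.g. `kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum type %d", (int)self.cksum.cksumtype);` placed above the free. A short comment above the check would also help the next maintainer: `/* An unkeyed checksum can be recomputed by anyone who alters the request, so it does not authenticate the S4U2Self name. */`. tgs_build_reply begins and ends outside the hunk, so whether a client principal name is in scope to add to the message is not visible here.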