krb5/Fix-KDC-crash-when-logging-PKINIT-enctypes.patch
2019-11-27 12:36:19 -05:00

32 lines
1.1 KiB
Diff

From fd25fce46c2454b7386d2725dba493471a2e3fe8 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 25 Sep 2019 12:57:56 -0400
Subject: [PATCH] Fix KDC crash when logging PKINIT enctypes
Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash
bug due to transposed strlcpy() arguments. Fix the argument order.
This bug does not affect any MIT krb5 release, but affects the Fedora
krb5 packages due to backports. CVE-2019-14844 has been issued as a
result.
ticket: 8772
(cherry picked from commit 275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf)
---
src/kdc/kdc_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 23ad6c584..698f18c1c 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1080,7 +1080,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
else
return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
- if (strlcpy(name, buf, buflen) >= buflen)
+ if (strlcpy(buf, name, buflen) >= buflen)
return ENOMEM;
return 0;
}