32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From b3ccbf6ba3f662d0671b0abd10017562f76a190a Mon Sep 17 00:00:00 2001
|
|
From: Greg Hudson <ghudson@mit.edu>
|
|
Date: Wed, 25 Sep 2019 12:57:56 -0400
|
|
Subject: [PATCH] Fix KDC crash when logging PKINIT enctypes
|
|
|
|
Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash
|
|
bug due to transposed strlcpy() arguments. Fix the argument order.
|
|
|
|
This bug does not affect any MIT krb5 release, but affects the Fedora
|
|
krb5 packages due to backports. CVE-2019-14844 has been issued as a
|
|
result.
|
|
|
|
ticket: 8772
|
|
(cherry picked from commit 275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf)
|
|
---
|
|
src/kdc/kdc_util.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
|
|
index 23ad6c584..698f18c1c 100644
|
|
--- a/src/kdc/kdc_util.c
|
|
+++ b/src/kdc/kdc_util.c
|
|
@@ -1080,7 +1080,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
|
|
else
|
|
return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
|
|
|
|
- if (strlcpy(name, buf, buflen) >= buflen)
|
|
+ if (strlcpy(buf, name, buflen) >= buflen)
|
|
return ENOMEM;
|
|
return 0;
|
|
}
|