diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-03-03 15:41:00 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-03-03 15:41:00 +0000 |
commit | 47333a34d5485fc7788fc121c0bf8e754f8ffc55 (patch) | |
tree | e2ec593ce31b803f98267479d4c7753a47e82348 /ssl | |
parent | d92138f70342569a6606f0157395452fa4c9d64c (diff) |
Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/kssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c index 4fb655285b..b820e37464 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ); + if (krb5rc) + goto exit; + krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, 0 /* IGNORE_VNO */, |