From ede1351997d7dc9564dae45c48dd90d860f1ffb2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Mar 2010 15:34:11 +0000 Subject: Submitted by: Tomas Hoger Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). --- ssl/kssl.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'ssl') diff --git a/ssl/kssl.c b/ssl/kssl.c index 73401c92a3..5cba28b89b 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1802,6 +1802,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ); + if (krb5rc) + goto exit; + krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, 0 /* IGNORE_VNO */, -- cgit v1.2.3