Package: heimdal / 7.1.0+dfsg-13+deb9u3

CVE-2017-17439-KDC-remote-DoS.patch Patch series | download
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Subject: Security: Avoid NULL structure pointer member dereference
Origin: https://github.com/heimdal/heimdal/commit/749d377fa357351a7bbba51f8aae72cdf0629592.diff
Bug: https://github.com/heimdal/heimdal/issues/353
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -2227,15 +2227,17 @@ out:
     /*
      * In case of a non proxy error, build an error message.
      */
-    if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
+    if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
 	ret = _kdc_fast_mk_error(context, r,
 				 &error_method,
 				 r->armor_crypto,
 				 &req->req_body,
 				 ret, r->e_text,
 				 r->server_princ,
-				 &r->client_princ->name,
-				 &r->client_princ->realm,
+				 r->client_princ ?
+                                     &r->client_princ->name : NULL,
+				 r->client_princ ?
+                                     &r->client_princ->realm : NULL,
 				 NULL, NULL,
 				 reply);
 	if (ret)
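Review bot: The two added ternaries on the client name and realm arguments now pass NULL into `_kdc_fast_mk_error`, but nothing in this hunk shows that the callee, or whatever it forwards these to, accepts a NULL client name and realm, so that contract should be confirmed and stated at the call site. A short comment above the call would record why the guard exists, for example `/* r->client_princ may be NULL if the request failed before the client principal was set; pass NULL instead of dereferencing it */`. The `if(` to `if (` whitespace change is unrelated to the fix and makes the security-relevant lines harder to pick out when backporting, and the new continuation lines mix a tab with spaces. The enclosing function starts and ends outside the hunk, so the error paths that presumably leave `client_princ` unset are not visible here; a regression test covering a request that fails before the client principal is set would keep the dereference from returning.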