Submitted by: Tomas Hoger <thoger@redhat.com>
authorDr. Stephen Henson <steve@openssl.org>
Wed, 3 Mar 2010 15:41:00 +0000 (15:41 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 3 Mar 2010 15:41:00 +0000 (15:41 +0000)
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).

CHANGES
ssl/kssl.c

diff --git a/CHANGES b/CHANGES
index 178a68dbda8cc180a3d9472ff28b467fdac9adcb..c0a0cf41c09bafc882da7944f602738e70b27ef5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
+  
+   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
+  
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
 
  Changes between 0.9.8l and 0.9.8m  [25 Feb 2010]
 
index 4fb655285b4b5630f8fa5db43c1b39cfee859166..b820e37464f4f24468d3a31432dd995f9ef942c0 100644 (file)
@@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                      kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                      KRB5_NT_SRV_HST, &princ);
 
+    if (krb5rc)
+       goto exit;
+
     krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                 princ,
                                 0 /* IGNORE_VNO */,