From: Dr. Stephen Henson Date: Wed, 3 Mar 2010 15:41:18 +0000 (+0000) Subject: Submitted by: Tomas Hoger X-Git-Tag: OpenSSL-fips-2_0-rc1~1228 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cca1cd9a3447dd067503e4a85ebd1679ee78a48e;p=oweals%2Fopenssl.git Submitted by: Tomas Hoger Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). --- diff --git a/CHANGES b/CHANGES index b59daae5b2..a51168ef92 100644 --- a/CHANGES +++ b/CHANGES @@ -909,6 +909,12 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + + Changes between 0.9.8m and 0.9.8n [xx XXX xxxx] + + *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL + could be crashed if the relevant tables were not present (e.g. chrooted). + [Tomas Hoger ] Changes between 0.9.8l and 0.9.8m [xx XXX xxxx] diff --git a/ssl/kssl.c b/ssl/kssl.c index b5fa1f147d..0033e9bf62 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ); + if (krb5rc) + goto exit; + krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, 0 /* IGNORE_VNO */,