From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 3 Mar 2010 15:34:11 +0000 (+0000)
Subject: Submitted by: Tomas Hoger <thoger@redhat.com>
X-Git-Tag: OpenSSL_0_9_8n~16
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ede1351997d7dc9564dae45c48dd90d860f1ffb2;p=oweals%2Fopenssl.git

Submitted by: Tomas Hoger <thoger@redhat.com>

Fix for CVE-2010-0433 where some Kerberos-enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
---

diff --git a/CHANGES b/CHANGES
index 349501e783..ce053771e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,9 @@
 
  Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
 
-  *)
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
 
  Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
 
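Review bot: The new CHANGES entry describes only the symptom ("could be crashed if the relevant tables were not present") and does not say what was changed. Consider adding a clause stating that a previously unchecked Kerberos return code in ssl/kssl.c is now checked, so that readers of the changelog can tell which code path was affected. The first added line also ends with a trailing space after "OpenSSL", which should be dropped.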
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 73401c92a3..5cba28b89b 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1802,6 +1802,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                      kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                      KRB5_NT_SRV_HST, &princ);
 
+    if (krb5rc)
+	goto exit;
+
     krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                 princ,
                                 0 /* IGNORE_VNO */,
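Review bot: The added `if (krb5rc) goto exit;` leaves on failure without recording any diagnostic, so a caller sees only the raw krb5rc value from the preceding call that fills `princ`. If the other failure paths in this function set an error reason before jumping to `exit`, this one should do the same, so that a missing keytab or configuration (the chroot case named in the commit message) can be told apart from other failures. It is also worth confirming that the code at `exit` copes with `princ` not having been filled in, since this is now a path where the call that populates it has failed. Style: the `goto exit;` line is indented with a tab while the surrounding lines use spaces.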