Commits on Source (3)
-
Simo Sorce authored
ber_scanf expects a pointer to a ber_tag_t to return the tag pointed at by "t"; if that is not provided, the pointer will be stored in whatever memory location is pointed by the stack at that time, causing a crash. It's also possible for unprivileged end users to trigger parsing of the krbPrincipalKey.
Fixes #8071: CVE-2019-14867
Reported by Todd Lipcon from Cloudera
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
(cherry picked from commit d2e0d945)
e11e73ab -
Rob Crittenden authored
A raw batch request was fully logged which could expose parameters we don't want logged, like passwords. Override _repr_iter to use the individual commands to log the values so that values are properly obscured. In case of errors log the full value on when the server is in debug mode.
Reported by Jamison Bennett from Cloudera
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Florence Blanc-Renaud <frenaud@redhat.com>
39120fa9 -
Alexander Bokovoy authored
4a0017df