Commit 8e695f93 authored by Isaac Boukris's avatar Isaac Boukris Committed by Mathieu Parent

CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685Signed-off-by: 's avatarIsaac Boukris <iboukris@gmail.com>
Reviewed-by: 's avatarAndrew Bartlett <abartlet@samba.org>
Signed-off-by: 's avatarAndrew Bartlett <abartlet@samba.org>
parent 9a309f24
This diff is collapsed.
......@@ -1925,6 +1925,13 @@ server_lookup:
goto out;
}
if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
free_PA_S4U2Self(&self);
kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
goto out;
}
ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
if (ret)
goto out;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment