CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
author    Joseph Sutton <josephsutton@catalyst.net.nz>
          Wed, 18 May 2022 04:49:43 +0000 (16:49 +1200)
committer Jule Anger <janger@samba.org>
          Sun, 24 Jul 2022 09:42:02 +0000 (11:42 +0200)
commit    cf749fac346ef59c91a9ea87f5e7ddec2e5649c7
tree      956f93076dbae42718c43f88aea6f643036997d0
parent    cf9e37604409ba0c3c5904af40beb2975c309ad4

If we attempt to return an error code outside of Heimdal's allowed range
[KRB5KDC_ERR_NONE, KRB5_ERR_RCSID), it will be replaced with a GENERIC
error, and the error text will be set to the meaningless result of
krb5_get_error_message(). Avoid this by ensuring the error code is in
the correct range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail_heimdal_kdc
selftest/knownfail_mit_kdc
source4/kdc/kpasswd-service.c