git.samba.org - samba-bkup.git/commit

author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 25 May 2022 08:00:55 +0000 (20:00 +1200)
committer	Jule Anger <janger@samba.org>
	Sun, 24 Jul 2022 09:42:02 +0000 (11:42 +0200)
commit	d40593be83144713cfc43e4eb1c7bc2d925a0da0
tree	f455d3850c607703130ab8ae333bb70052d1304f	tree
parent	389851bcf399f9511e2cb797350c37ce91aa5849	commit \| diff

CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components

We would only compare the first 'n' characters, where 'n' is the length
of the principal component string, so 'k@REALM' would erroneously be
considered equal to 'krbtgt@REALM'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

selftest/knownfail_heimdal_kdc		diff \| blob \| history
selftest/knownfail_mit_kdc		diff \| blob \| history
source4/kdc/db-glue.c		diff \| blob \| history

Samba Shared Repository

RSS Atom