Diffusion FreeBSD src repository aac9dda7f844

Heimdal: Fix transit path validation CVE-2017-6594
aac9dda7f844
Actions

Description

Heimdal: Fix transit path validation CVE-2017-6594

Apply upstream b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.

Upstream writes in their commit log:

Note, this may break sites that rely on the bug.  With the bug some
incomplete [capaths] worked, that should not have.  These may now break
authentication in some cross-realm configurations.

Reported by: emaste
Security: CVE-2017-6594
Obtained from: upstream b1e699103
MFS requested by: re (cperciva
Approved by: re (cperciva)

(cherry picked from commit f8041e3628bd70cf5562a9c13eb3d6af8463e720)
(cherry picked from commit 9a7121454dc0f68af2687699d5feabf736692fa6)

Details

Provenance

cy	Authored on Feb 14 2024, 7:56 PM

Parents

rG00c958f12c3d: msdosfs: fix directory corruption after rename operation

Branches

Unknown

Tags

Unknown

Event Timeline

cy committed rGaac9dda7f844: Heimdal: Fix transit path validation CVE-2017-6594 (authored by cy).Feb 21 2024, 2:01 PM

Changes (1)

Path

Size

crypto/

heimdal/

kdc/

krb5tgs.c

rGaac9dda7f844

View Options

crypto/heimdal/kdc/krb5tgs.c