Submitted by: Tomas Hoger <thoger@redhat.com>
author: Dr. Stephen Henson <steve@openssl.org>
Wed, 3 Mar 2010 15:41:18 +0000 (15:41 +0000)
committer: Dr. Stephen Henson <steve@openssl.org>
Wed, 3 Mar 2010 15:41:18 +0000 (15:41 +0000)
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).

CHANGES
ssl/kssl.c

diff --git a/CHANGES b/CHANGES
index b59daae5b2e147fefacbac17e835d7ceb140eac8..a51168ef92e56cf1bc41c2fc00562e2e549787dd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
+  
+   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
+  
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
 
  Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]
 
index b5fa1f147dd64bf19a268008d70dc3c18a7530af..0033e9bf62e3857f27ea9dbda7047eb2a50a5f82 100644 (file)
@@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                      kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                      KRB5_NT_SRV_HST, &princ);
 
+    if (krb5rc)
+       goto exit;
+
     krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                 princ,
                                 0 /* IGNORE_VNO */,
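Review bot: the added `if (krb5rc) goto exit;` closes the real gap here, namely that the return code of the `krb5_sname_to_principal(...)` call ending in `&princ);` was never checked before `princ` was handed to `krb5_kt_get_entry`, so on lookup failure an unset principal pointer was dereferenced and the process crashed. The jump lands on an `exit:` label outside this hunk, before `princ` has ever been assigned, so please confirm that `princ` is initialised to NULL at its declaration and that the cleanup at `exit:` tolerates a NULL principal (and a still-unset `krb5keytab`/entry state); otherwise the early bail-out only moves the crash into the cleanup path. It would also help a reader if the three-line addition carried a one-line comment naming the failure it guards against (lookup failing because the Kerberos tables are unreachable, as in a chroot), since nothing in the surrounding code explains why an error here is expected rather than exceptional.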