CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 18 May 2022 04:49:43 +0000 (16:49 +1200)
committer Jule Anger <janger@samba.org>
Wed, 27 Jul 2022 10:52:36 +0000 (10:52 +0000)
commit e0c135e6c146b4bbbfbf9642c1b9c2d05c091963
tree b0e32207603462ba3fce6915ad010f3e9133a6b3
parent 4e2e767a78b5e94ecc8833ea6cd05f875c37dfed
CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR

If we attempt to return an error code outside of Heimdal's allowed range
[KRB5KDC_ERR_NONE, KRB5_ERR_RCSID), it will be replaced with a GENERIC
error, and the error text will be set to the meaningless result of
krb5_get_error_message(). Avoid this by ensuring the error code is in
the correct range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Files changed:
selftest/knownfail_heimdal_kdc
selftest/knownfail_mit_kdc
source4/kdc/kpasswd-service.c