Blame src/tests/t_cve-2012-1014.py
|
Packit |
fd8b60 |
import base64
|
|
Packit |
fd8b60 |
import socket
|
|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm = K5Realm()
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# CVE-2012-1014 KDC dereferences uninitialized pointer
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Affects only krb5-1.10.x.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
|
Packit |
fd8b60 |
a = (hostname, realm.portbase)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
x1 = base64.b16decode('6A5E305BA103020105A2030201')
|
|
Packit |
fd8b60 |
x2 = base64.b16decode('A44F304DA007030500FEDCBA90A10E30' +
|
|
Packit |
fd8b60 |
'0CA003020101A10530031B0141A2031B' +
|
|
Packit |
fd8b60 |
'0141A30E300CA003020101A10530031B' +
|
|
Packit |
fd8b60 |
'0141A511180F31393934303631303036' +
|
|
Packit |
fd8b60 |
'303331375AA70302012AA80530030201' +
|
|
Packit |
fd8b60 |
'01')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
for x in range(11, 128):
|
|
Packit |
fd8b60 |
s.sendto(x1 + bytes([x]) + x2, a)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Make sure kinit still works.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm.kinit(realm.user_princ, password('user'))
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('CVE-2012-1014 regression test')
|