freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00

History

Rob Crittenden 33af154b7f validate_principal: Don't try to verify that the realm is known The actual value is less important than whether it matches the regular expression. A number of legal but difficult to know in context realms could be passed in here (trust for example). This fixes CVE-2024-1481 Fixes: https://pagure.io/freeipa/issue/9541 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>	2024-02-22 14:35:59 -05:00
..
__init__.py	rpcserver: validate Kerberos principal name before running kinit	2024-02-21 17:07:33 -05:00
test_kinit.py	validate_principal: Don't try to verify that the realm is known	2024-02-22 14:35:59 -05:00

Rob Crittenden 33af154b7f validate_principal: Don't try to verify that the realm is known

The actual value is less important than whether it matches the
regular expression. A number of legal but difficult to know in
context realms could be passed in here (trust for example).

This fixes CVE-2024-1481

Fixes: https://pagure.io/freeipa/issue/9541

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

2024-02-22 14:35:59 -05:00

__init__.py

rpcserver: validate Kerberos principal name before running kinit

2024-02-21 17:07:33 -05:00

test_kinit.py

validate_principal: Don't try to verify that the realm is known

2024-02-22 14:35:59 -05:00