[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)

Andrew Bartlett abartlet at samba.org
Sat Oct 14 19:02:41 UTC 2017


On Thu, 2017-09-21 at 19:29 +1200, Andrew Bartlett via samba-technical
wrote:
> G'Day,
> 
> This patch I wrote at the time of dealing with CVE-2017-11103, the
> Orpheus' Lyre KDC-REP service name validation (mutual auth
> bypass) issue.  I didn't make it public at the time, but it feels safe
> now.
> 
> I want to ensure we don't regress on this again in the future,
> particularly as Gary and I are working to drag our Heimdal branch out
> of the dark ages.  (I know this seems like an odd thing to do at this
> point, but I would rather do this now than in a rush later). 
> 
> Please review/push!

I know the framework (modifying and checking packets in the send/recv
hook) on which this is based is really complex code (quite horrible,
really), but can I please get a team review on this patch.  I really
want to ensure we don't regress here.

Upstream Heimdal has no framework like Samba's krb5.kdc test, so we do
need to check this in smbtorture.

Please review/push.

Thanks!
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
