xref: /freebsd/crypto/krb5/src/tests/t_cve-2012-1015.py (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1import base64
2import socket
3from k5test import *
4
5realm = K5Realm()
6
7# CVE-2012-1015 KDC frees uninitialized pointer
8
9# Force a failure in krb5_c_make_checksum(), which causes the cleanup
10# code in kdc_handle_protected_negotiation() to free an uninitialized
11# pointer in an unpatched KDC.
12
13s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
14a = (hostname, realm.portbase)
15
16x1 = base64.b16decode('6A81A030819DA103020105A20302010A' +
17                      'A30E300C300AA10402020095A2020400' +
18                      'A48180307EA00703050000000000A120' +
19                      '301EA003020101A11730151B066B7262' +
20                      '7467741B0B4B5242544553542E434F4D' +
21                      'A20D1B0B4B5242544553542E434F4DA3' +
22                      '20301EA003020101A11730151B066B72' +
23                      '627467741B0B4B5242544553542E434F' +
24                      '4DA511180F3139393430363130303630' +
25                      '3331375AA7030201')
26
27x2 = base64.b16decode('A8083006020106020112')
28
29for x in range(0, 128):
30    s.sendto(x1 + bytes([x]) + x2, a)
31
32# Make sure kinit still works.
33
34realm.kinit(realm.user_princ, password('user'))
35
36success('CVE-2012-1015 regression test')
37