Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/t_cve-2012-1015.py
34869 views
1
import base64

2
import socket

3
from k5test import *

4


5
realm = K5Realm()

6


7
# CVE-2012-1015 KDC frees uninitialized pointer

8


9
# Force a failure in krb5_c_make_checksum(), which causes the cleanup

10
# code in kdc_handle_protected_negotiation() to free an uninitialized

11
# pointer in an unpatched KDC.

12


13
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

14
a = (hostname, realm.portbase)

15


16
x1 = base64.b16decode('6A81A030819DA103020105A20302010A' +

17
                      'A30E300C300AA10402020095A2020400' +

18
                      'A48180307EA00703050000000000A120' +

19
                      '301EA003020101A11730151B066B7262' +

20
                      '7467741B0B4B5242544553542E434F4D' +

21
                      'A20D1B0B4B5242544553542E434F4DA3' +

22
                      '20301EA003020101A11730151B066B72' +

23
                      '627467741B0B4B5242544553542E434F' +

24
                      '4DA511180F3139393430363130303630' +

25
                      '3331375AA7030201')

26


27
x2 = base64.b16decode('A8083006020106020112')

28


29
for x in range(0, 128):

30
    s.sendto(x1 + bytes([x]) + x2, a)

31


32
# Make sure kinit still works.

33


34
realm.kinit(realm.user_princ, password('user'))

35


36
success('CVE-2012-1015 regression test')

37


38