CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
requested to merge samba-team/devel/samba:abartlet/CVE-2021-44758-heimdal-use-after-free into master
Thankfully Samba avoids the use-after-free by not exposing the FAST or other vulnerable paths (in 4.15) and using the new templating parser in 4.16 and later, but we should backport the upstream Heimdal patch regardless, just to be safe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
Checklist
-
Commits have Signed-off-by:with name/author being identical to the commit author -
(optional) This MR is just one part towards a larger feature. -
(optional, if backport required) Bugzilla bug filed and BUG:tag added -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated -
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)
Reviewer's checklist:
-
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md -
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Andrew Bartlett