krb5/krb5-CVE-2013-1418.patch

Adjusted to apply to 1.11.3.

commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
Author: Tom Yu <tlyu@mit.edu>
Date:   Mon Nov 4 13:44:29 2013 -0500

    Multi-realm KDC null deref [CVE-2013-1418]
    
    If a KDC serves multiple realms, certain requests can cause
    setup_server_realm() to dereference a null pointer, crashing the KDC.
    
    CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
    
    A related but more minor vulnerability requires authentication to
    exploit, and is only present if a third-party KDC database module can
    dereference a null pointer under certain conditions.
    
    ticket: 7755 (new)
    target_version: 1.12
    tags: pullup

diff --git a/src/kdc/main.c b/src/kdc/main.c
index 0f5961a..a7ffe63 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -124,6 +124,9 @@ setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
     kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
     int kdc_numrealms = handle->kdc_numrealms;
 
+    if (sprinc == NULL)
+        return NULL;
+
     kret = 0;
     if (kdc_numrealms > 1) {
         if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
Incorporate patch for RT#7755 (CVE-2013-1418) - incorporate upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7755, CVE-2013-1418) 2013-11-04 20:47:55 +00:00			`Adjusted to apply to 1.11.3.`

			`commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf`
			`Author: Tom Yu <tlyu@mit.edu>`
			`Date: Mon Nov 4 13:44:29 2013 -0500`

			`Multi-realm KDC null deref [CVE-2013-1418]`

			`If a KDC serves multiple realms, certain requests can cause`
			`setup_server_realm() to dereference a null pointer, crashing the KDC.`

			`CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C`

			`A related but more minor vulnerability requires authentication to`
			`exploit, and is only present if a third-party KDC database module can`
			`dereference a null pointer under certain conditions.`

			`ticket: 7755 (new)`
			`target_version: 1.12`
			`tags: pullup`

			`diff --git a/src/kdc/main.c b/src/kdc/main.c`
			`index 0f5961a..a7ffe63 100644`
			`--- a/src/kdc/main.c`
			`+++ b/src/kdc/main.c`
			`@@ -124,6 +124,9 @@ setup_server_realm(struct server_handle *handle, krb5_principal sprinc)`
			`kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;`
			`int kdc_numrealms = handle->kdc_numrealms;`

			`+ if (sprinc == NULL)`
			`+ return NULL;`
			`+`
			`kret = 0;`
			`if (kdc_numrealms > 1) {`
			`if (!(newrealm = find_realm_data(handle, sprinc->realm.data,`