Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844)
This commit is contained in:
Robbie Harwood
parent
bff738a25d
commit
1a6673d2ee
31
Fix-KDC-crash-when-logging-PKINIT-enctypes.patch
Normal file
31
Fix-KDC-crash-when-logging-PKINIT-enctypes.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 55353df13814c6d711a1d947dd6690b334269122 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Wed, 25 Sep 2019 12:57:56 -0400
|
||||
Subject: [PATCH] Fix KDC crash when logging PKINIT enctypes
|
||||
|
||||
Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash
|
||||
bug due to transposed strlcpy() arguments. Fix the argument order.
|
||||
|
||||
This bug does not affect any MIT krb5 release, but affects the Fedora
|
||||
krb5 packages due to backports. CVE-2019-14844 has been issued as a
|
||||
result.
|
||||
|
||||
ticket: 8772
|
||||
(cherry picked from commit 275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf)
|
||||
---
|
||||
src/kdc/kdc_util.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
|
||||
index 23ad6c584..698f18c1c 100644
|
||||
--- a/src/kdc/kdc_util.c
|
||||
+++ b/src/kdc/kdc_util.c
|
||||
@@ -1080,7 +1080,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
|
||||
else
|
||||
return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
|
||||
|
||||
- if (strlcpy(name, buf, buflen) >= buflen)
|
||||
+ if (strlcpy(buf, name, buflen) >= buflen)
|
||||
return ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.17
|
||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||
Release: 44%{?dist}
|
||||
Release: 45%{?dist}
|
||||
|
||||
# lookaside-cached sources; two downloads and a build artifact
|
||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
|
||||
@ -123,6 +123,7 @@ Patch161: krb5-1.17post5-FIPS-with-PRNG-and-RADIUS-without-SPA.patch
|
||||
Patch162: Simplify-krb5_dbe_def_search_enctype.patch
|
||||
Patch163: Squash-apparent-forward-null-in-clnttcp_create.patch
|
||||
Patch164: Remove-null-check-in-krb5_gss_duplicate_name.patch
|
||||
Patch165: Fix-KDC-crash-when-logging-PKINIT-enctypes.patch
|
||||
|
||||
License: MIT
|
||||
URL: https://web.mit.edu/kerberos/www/
|
||||
@ -729,6 +730,9 @@ exit 0
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
|
||||
%changelog
|
||||
* Wed Sep 25 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-45
|
||||
- Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844)
|
||||
|
||||
* Thu Sep 12 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-44
|
||||
- Static analyzer appeasement
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user