rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop backport for RT#7643

Browse Source
This commit is contained in:
Nalin Dahyabhai 2013-10-15 17:24:14 -04:00
parent a2e5f1f872
commit 25fe69d885
2 changed files with 1 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
krb5-1.11.2-arcfour_short.patch
View File

@ -1,122 +0,0 @@
Needed by tests for empty-password cases.
commit 1e123231769fe640f446442cb210664d280ccbac
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri May 24 13:16:52 2013 -0400
Fix rc4 string-to-key on unterminated inputs
The internal UTF-8 to UCS-2 conversion functions did not properly
respect their length arguments, instead assuming that the input string
is terminated with a zero bytes. As a result,
krb5int_arcfour_string_to_key could fail on unterminated inputs. Fix
the underlying support functions to read their inputs only up to the
specified length.
ticket: 7643 (new)
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index d580bbc..b8bf989 100644
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -78,7 +78,8 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
/* If input ptr is NULL or empty... */
if (utf8str == NULL || *utf8str == '\0') {
- *ucs2str = 0;
+ if (ucs2str != NULL)
+ *ucs2str = 0;
return 0;
}
@@ -119,9 +120,7 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
ucs2len++; /* Count number of wide chars stored/required */
}
- assert(ucs2len < count);
-
- if (ucs2str != NULL) {
+ if (ucs2str != NULL && ucs2len < count) {
/* Add null terminator if there's room in the buffer. */
ucs2str[ucs2len] = 0;
}
@@ -172,12 +171,13 @@ krb5int_utf8cs_to_ucs2s(const char *utf8s,
return ENOMEM;
}
- len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0);
+ len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars, 0);
if (len < 0) {
free(*ucs2s);
*ucs2s = NULL;
return EINVAL;
}
+ (*ucs2s)[chars] = 0;
if (ucs2chars != NULL) {
*ucs2chars = chars;
@@ -223,21 +223,23 @@ krb5int_utf8cs_to_ucs2les(const char *utf8s,
{
ssize_t len;
size_t chars;
+ krb5_ucs2 *ucs2s;
- chars = krb5int_utf8c_chars(utf8s, utf8slen);
+ *ucs2les = NULL;
- *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2));
- if (*ucs2les == NULL) {
+ chars = krb5int_utf8c_chars(utf8s, utf8slen);
+ ucs2s = malloc((chars + 1) * sizeof(krb5_ucs2));
+ if (ucs2s == NULL)
return ENOMEM;
- }
- len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1);
+ len = k5_utf8s_to_ucs2s(ucs2s, utf8s, chars, 1);
if (len < 0) {
- free(*ucs2les);
- *ucs2les = NULL;
+ free(ucs2s);
return EINVAL;
}
+ ucs2s[chars] = 0;
+ *ucs2les = (unsigned char *)ucs2s;
if (ucs2leslen != NULL) {
*ucs2leslen = chars * sizeof(krb5_ucs2);
}
@@ -402,13 +404,14 @@ krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s,
return ENOMEM;
}
- len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s,
- (size_t)len + 1, (ssize_t)ucs2slen, 0);
+ len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s, (size_t)len,
+ (ssize_t)ucs2slen, 0);
if (len < 0) {
free(*utf8s);
*utf8s = NULL;
return EINVAL;
}
+ (*utf8s)[len] = '\0';
if (utf8slen != NULL) {
*utf8slen = len;
@@ -438,13 +441,14 @@ krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les,
return ENOMEM;
}
- len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les,
- (size_t)len + 1, (ssize_t)ucs2leslen, 1);
+ len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, (size_t)len,
+ (ssize_t)ucs2leslen, 1);
if (len < 0) {
free(*utf8s);
*utf8s = NULL;
return EINVAL;
}
+ (*utf8s)[len] = '\0';
if (utf8slen != NULL) {
*utf8slen = len;

3
krb5.spec
View File

@ -88,7 +88,6 @@ Patch63: krb5-1.12-selinux-label.patch
Patch71: krb5-1.11-dirsrv-accountlock.patch Patch71: krb5-1.11-dirsrv-accountlock.patch
Patch86: krb5-1.9-debuginfo.patch Patch86: krb5-1.9-debuginfo.patch
Patch105: krb5-kvno-230379.patch Patch105: krb5-kvno-230379.patch
Patch124: krb5-1.11.2-arcfour_short.patch
Patch125: krb5-1.11.2-skew1.patch Patch125: krb5-1.11.2-skew1.patch
Patch126: krb5-1.11.2-skew2.patch Patch126: krb5-1.11.2-skew2.patch
Patch127: krb5-master-test_gss_no_udp.patch Patch127: krb5-master-test_gss_no_udp.patch
@ -317,7 +316,6 @@ ln -s NOTICE LICENSE
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
%patch86 -p0 -b .debuginfo %patch86 -p0 -b .debuginfo
%patch105 -p1 -b .kvno %patch105 -p1 -b .kvno
%patch124 -p1 -b .arcfour_short
%patch125 -p1 -b .skew1 %patch125 -p1 -b .skew1
%patch126 -p1 -b .skew2 %patch126 -p1 -b .skew2
%patch127 -p1 -b .test_gss_no_udp %patch127 -p1 -b .test_gss_no_udp
@ -1029,6 +1027,7 @@ exit 0
- drop backport for RT#7598 - drop backport for RT#7598
- drop backport for RT#7172 - drop backport for RT#7172
- drop backport for RT#7642 - drop backport for RT#7642
- drop backport for RT#7643
* Wed Oct 16 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-26 * Wed Oct 16 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-26
- create and own /etc/gss (#1019937) - create and own /etc/gss (#1019937)