import UBI krb5-1.21.3-9.el10_1
This commit is contained in:
AlmaLinux RelEng Bot
parent
b9d1b7c94d
commit
297f069b69
44
0039-Fix-uninitialized-pointer-dereference-in-libkrad.patch
Normal file
44
0039-Fix-uninitialized-pointer-dereference-in-libkrad.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From 38074663f9c4d2f5f561f253bd8f7d29120513cc Mon Sep 17 00:00:00 2001
|
||||
From: Julien Rische <jrische@redhat.com>
|
||||
Date: Wed, 21 Jan 2026 11:31:39 +0100
|
||||
Subject: [PATCH] Fix uninitialized pointer dereference in libkrad
|
||||
|
||||
Commit 871125fea8ce0370a972bf65f7d1de63f619b06c changed
|
||||
krad_packet_decode_request() to use a local variable "req" to hold the
|
||||
decoded packet until it is verified, instead of immediately storing
|
||||
into the caller's *reqpkt. The code to check for duplicate packets
|
||||
erroneously continues to use *reqpkt, causing a read dereference of
|
||||
whatever was in *reqpkt on entry to the function (typically null or an
|
||||
uninitialized value). Fix the code to use req instead of *reqpkt.
|
||||
|
||||
This bug does not affect the KDC (which only uses libkrad as a
|
||||
client), but can crash external software using libkrad as a server if
|
||||
it ever processes more than one packet at a time.
|
||||
|
||||
[ghudson@mit.edu: edited commit message]
|
||||
|
||||
ticket: 9193 (new)
|
||||
tags: pullup
|
||||
target_version: 1.22-next
|
||||
|
||||
(cherry picked from commit f74a1b3fcde44cfa0d487973fd47a943cda49dc8)
|
||||
---
|
||||
src/lib/krad/packet.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c
|
||||
index b95c99df65..79b8e87f8c 100644
|
||||
--- a/src/lib/krad/packet.c
|
||||
+++ b/src/lib/krad/packet.c
|
||||
@@ -575,7 +575,7 @@ krad_packet_decode_request(krb5_context ctx, const char *secret,
|
||||
|
||||
if (cb != NULL) {
|
||||
for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE)) {
|
||||
- if (pkt_id_get(*reqpkt) == pkt_id_get(tmp))
|
||||
+ if (pkt_id_get(req) == pkt_id_get(tmp))
|
||||
break;
|
||||
}
|
||||
|
||||
--
|
||||
2.51.1
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
#
|
||||
# baserelease is what we have standardized across Fedora and what
|
||||
# rpmdev-bumpspec knows how to handle.
|
||||
%global baserelease 8
|
||||
%global baserelease 9
|
||||
|
||||
# This should be e.g. beta1 or %%nil
|
||||
%global pre_release %nil
|
||||
@ -97,6 +97,7 @@ Patch0035: 0035-Don-t-issue-session-keys-with-deprecated-enctypes.patch
|
||||
Patch0036: 0036-downstream-Remove-3des-support-cumulative-1.patch
|
||||
Patch0037: 0037-Add-PKINIT-paChecksum2-from-MS-PKCA-v20230920.patch
|
||||
Patch0038: 0038-downstream-Do-not-block-HMAC-MD4-5-in-FIPS-mode.patch
|
||||
Patch0039: 0039-Fix-uninitialized-pointer-dereference-in-libkrad.patch
|
||||
|
||||
License: Brian-Gladman-2-Clause AND BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision
|
||||
URL: https://web.mit.edu/kerberos/www/
|
||||
@ -738,6 +739,10 @@ exit 0
|
||||
%{_datarootdir}/%{name}-tests/%{_arch}
|
||||
|
||||
%changelog
|
||||
* Thu Feb 19 2026 Julien Rische <jrische@redhat.com> - 1.21.3-9
|
||||
- krad: packet ID fetched from uninitialized variable
|
||||
Resolves: RHEL-150954
|
||||
|
||||
* Mon Apr 28 2025 Julien Rische <jrische@redhat.com> - 1.21.3-8
|
||||
- Do not block HMAC-MD4/5 in FIPS mode
|
||||
Resolves: RHEL-88705
|
||||
|
||||
Loading…
Reference in New Issue
Block a user