- fix a null pointer dereference and crash introduced in our PAM patch that
  would happen if ftpd was given the name of a user who wasn't known to
  the local system, limited to being triggerable by gssapi-authenticated
  clients by the default xinetd config (Olivier Fourdan, #569472)
Nalin Dahyabhai 2010-03-03 16:09:47 +00:00
parent d605c80ae2
commit 5ee10a1ffb
2 changed files with 16 additions and 6 deletions


@ -937,7 +937,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
+#ifdef USE_PAM +#ifdef USE_PAM
+ if (appl_pam_enabled(kcontext, "ftpd")) { + if (appl_pam_enabled(kcontext, "ftpd")) {
+ if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0, + if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
+ pw->pw_name, "", + name, "",
+ hostname, + hostname,
+ NULL, + NULL,
+ FTP_PAM_SERVICE) != 0) { + FTP_PAM_SERVICE) != 0) {
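
Review bot: the appl_pam_acct_mgmt() call now takes name instead of pw->pw_name, but nothing at the call site records why, so a later cleanup could switch it back and reintroduce the crash. Add a one-line comment above the call noting that pw can apparently be NULL here when the client-supplied user is unknown locally, and confirm that account management for a name with no local passwd entry ends up in the != 0 failure branch rather than being treated as success.
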
@ -971,7 +971,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
- if (pw == NULL || (!kpass(pw->pw_name, passwd) && - if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
- (want_creds || !*pw->pw_passwd || - (want_creds || !*pw->pw_passwd ||
- strcmp(xpasswd, pw->pw_passwd)))) { - strcmp(xpasswd, pw->pw_passwd)))) {
+ if ((pw == NULL) || + if ((pw == NULL) || (
+#ifdef USE_PAM +#ifdef USE_PAM
+ appl_pam_enabled(kcontext, "ftpd") ? + appl_pam_enabled(kcontext, "ftpd") ?
+ (appl_pam_authenticate(FTP_PAM_SERVICE, 0, + (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
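
Review bot: on the "if ((pw == NULL) || (" line the whole fix is a single opening parenthesis, which is easy to lose again. In C, ?: binds more loosely than ||, so without it "pw == NULL" becomes part of the ternary's condition and the appl_pam_authenticate() branch is evaluated when pw is NULL instead of the test short-circuiting. Consider hoisting the NULL case into its own early test, or moving the PAM/non-PAM check into a helper, so correctness does not depend on parentheses spread across an #ifdef. The arguments to appl_pam_authenticate() are cut off at the hunk boundary, so check that none of them dereference pw either.
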
@ -983,7 +983,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
+ (!kpass(pw->pw_name, passwd) && + (!kpass(pw->pw_name, passwd) &&
+ (want_creds || + (want_creds ||
+ !*pw->pw_passwd || + !*pw->pw_passwd ||
+ strcmp(xpasswd, pw->pw_passwd)))) { + strcmp(xpasswd, pw->pw_passwd))))) {
pw = NULL; pw = NULL;
sleep(5); sleep(5);
if (++login_attempts >= 3) { if (++login_attempts >= 3) {
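
Review bot: the extra ")" at the end of the "strcmp(xpasswd, pw->pw_passwd)" line closes a parenthesis that was opened in the previous hunk, before the #ifdef USE_PAM block. The #else/#endif lines are not visible here, so please confirm the expression balances and compiles both with and without USE_PAM defined; building each configuration would catch a mismatch that review of this hunk cannot.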


@ -7,15 +7,19 @@
# For consistency with regular login. # For consistency with regular login.
%global login_pam_service remote %global login_pam_service remote
# Temporary.
%global appl_version 1.0
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.7.1 Version: 1.8
Release: 5%{?dist} Release: 0%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc Source1: krb5-%{version}.tar.gz.asc
Source2: kpropd.init Source2: kpropd.init
Source3: krb5-appl-%{appl_version}.tar.gz
Source4: kadmind.init Source4: kadmind.init
Source5: krb5kdc.init Source5: krb5kdc.init
Source6: krb5.conf Source6: krb5.conf
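
Review bot: Source3 (krb5-appl-%{appl_version}.tar.gz) is added without a detached signature beside it, whereas Source0 is paired with Source1: krb5-%{version}.tar.gz.asc. If upstream publishes a signature for the krb5-appl tarball, carry it as a Source too so the new input can be verified the same way. The "# Temporary." comment above %global appl_version also does not say what is temporary or when it should be removed; spell that out.
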
@ -224,7 +228,7 @@ to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%prep %prep
%setup -q -a 23 %setup -q -a 3 -a 23
ln -s README LICENSE ln -s README LICENSE
pushd src pushd src
%patch60 -p2 -b .pam %patch60 -p2 -b .pam
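
Review bot: %setup now unpacks Source3 with -a 3, but the lines that follow still do "pushd src" and "%patch60 -p2 -b .pam" unchanged. The PAM patch hunks in this commit are against krb5-1.7/src/appl/gssftp/ftpd/ftpd.c; if the appl sources are meant to come from the krb5-appl tarball, check that -p2 from inside src still resolves to the ftpd.c that is actually built.
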
@ -850,6 +854,12 @@ exit 0
%{krb5prefix}/sbin/uuserver %{krb5prefix}/sbin/uuserver
%changelog %changelog
* Wed Mar 3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-6
- fix a null pointer dereference and crash introduced in our PAM patch that
would happen if ftpd was given the name of a user who wasn't known to the
local system, limited to being triggerable by gssapi-authenticated clients by
the default xinetd config (Olivier Fourdan, #569472)
* Tue Mar 2 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-5 * Tue Mar 2 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-5
- fix a regression (not labeling a kdb database lock file correctly, #569902) - fix a regression (not labeling a kdb database lock file correctly, #569902)
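
Review bot: the new %changelog entry is labelled 1.7.1-6, but the Version and Release tags shown in the first hunk of this file read 1.7.1 / 5 on one side and 1.8 / 0 on the other, and neither yields 1.7.1-6. Make the Release tag and the entry's version-release agree so the changelog matches the package that is built.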