- fix a null pointer dereference and crash introduced in our PAM patch that

would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)
2010-03-03 16:09:47 +00:00 · 2010-03-03 16:09:47 +00:00 · 5ee10a1ffb
commit 5ee10a1ffb
parent d605c80ae2
2 changed files with 16 additions and 6 deletions
--- a/krb5-1.7-pam.patch
+++ b/krb5-1.7-pam.patch
@ -937,7 +937,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
 +#ifdef USE_PAM
 +		if (appl_pam_enabled(kcontext, "ftpd")) {
 +			if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
-+					       pw->pw_name, "",
+					       name, "",
 +					       hostname,
 +					       NULL,
 +					       FTP_PAM_SERVICE) != 0) {
@ -971,7 +971,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
 -		if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
 -				   (want_creds || !*pw->pw_passwd ||
 -				    strcmp(xpasswd, pw->pw_passwd)))) {
-+		if ((pw == NULL) ||
+		if ((pw == NULL) || (
 +#ifdef USE_PAM
 +		    appl_pam_enabled(kcontext, "ftpd") ?
 +		    (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
@ -983,7 +983,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd
 +		    (!kpass(pw->pw_name, passwd) &&
 +		     (want_creds ||
 +		      !*pw->pw_passwd ||
-+		      strcmp(xpasswd, pw->pw_passwd)))) {
+		      strcmp(xpasswd, pw->pw_passwd))))) {
 			pw = NULL;
 			sleep(5);
 			if (++login_attempts >= 3) {
--- a/krb5.spec
+++ b/krb5.spec
@ -7,15 +7,19 @@
 # For consistency with regular login.
 %global login_pam_service remote

+# Temporary.
+%global appl_version 1.0
+
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.7.1
-Release: 5%{?dist}
+Version: 1.8
+Release: 0%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
+Source3: krb5-appl-%{appl_version}.tar.gz
 Source4: kadmind.init
 Source5: krb5kdc.init
 Source6: krb5.conf
@ -224,7 +228,7 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.

 %prep
-%setup -q -a 23
+%setup -q -a 3 -a 23
 ln -s README LICENSE
 pushd src
 %patch60 -p2 -b .pam
@ -850,6 +854,12 @@ exit 0
 %{krb5prefix}/sbin/uuserver

 %changelog
+* Wed Mar  3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-6
+- fix a null pointer dereference and crash introduced in our PAM patch that
+  would happen if ftpd was given the name of a user who wasn't known to the
+  local system, limited to being triggerable by gssapi-authenticated clients by
+  the default xinetd config (Olivier Fourdan, #569472)
+
 * Tue Mar  2 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-5
 - fix a regression (not labeling a kdb database lock file correctly, #569902)