- incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335)

This commit is contained in:
Nalin Dahyabhai 2010-10-05 15:29:32 -04:00
parent e84327e216
commit 60f5ea8eaf
2 changed files with 41 additions and 1 deletions

34
krb5-1.8.x-authdata.patch Normal file
View File

@ -0,0 +1,34 @@
Candidate fix for CVE-2010-1322.
diff -up krb5/src/kdc/kdc_authdata.c krb5/src/kdc/kdc_authdata.c
--- krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:55.196827943 -0400
+++ krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:58.282828001 -0400
@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
krb5_boolean copy,
krb5_boolean ignore_kdc_issued)
{
- size_t i, nadata = 0;
+ size_t i, j, nadata = 0;
krb5_authdata **authdata = *out_authdata;
if (in_authdata == NULL || in_authdata[0] == NULL)
@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
in_authdata = tmp;
}
- for (i = 0; in_authdata[i] != NULL; i++) {
+ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
if (ignore_kdc_issued &&
is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
free(in_authdata[i]->contents);
free(in_authdata[i]);
} else
- authdata[nadata + i] = in_authdata[i];
+ authdata[nadata + j++] = in_authdata[i];
}
- authdata[nadata + i] = NULL;
+ authdata[nadata + j] = NULL;
free(in_authdata);

View File

@ -5,7 +5,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.8.3 Version: 1.8.3
Release: 7%{?dist} Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.3-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.3-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -51,6 +51,7 @@ Patch72: krb5-trunk-explife.patch
Patch73: krb5-trunk-key_usage.patch Patch73: krb5-trunk-key_usage.patch
Patch74: krb5-trunk-signed.patch Patch74: krb5-trunk-signed.patch
Patch75: krb5-trunk-k5login.patch Patch75: krb5-trunk-k5login.patch
Patch76: krb5-1.8.x-authdata.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -192,6 +193,7 @@ ln -s NOTICE LICENSE
%patch73 -p0 -b .key_usage %patch73 -p0 -b .key_usage
%patch74 -p0 -b .signed %patch74 -p0 -b .signed
%patch75 -p1 -b .k5login %patch75 -p1 -b .k5login
%patch76 -p1 -b .authdata
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -643,6 +645,10 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue Oct 5 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-8
- incorporate upstream patch to fix uninitialized pointer crash in the KDC's
authorization data handling (CVE-2010-1322, #636335)
* Mon Oct 4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-7 * Mon Oct 4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-7
- rebuild - rebuild