From 73316152b6bb329d0b125e892d1be51876099bf1 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Fri, 24 Jun 2005 20:28:25 +0000 Subject: [PATCH] - fix double-close in keytab handling - add port of fixes for CAN-2004-0175 to krb5-aware rcp --- krb5-1.3.3-rcp-markus.patch | 46 +++++++++++++++++++++++++++++++++++++ krb5.spec | 13 ++++++++++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 krb5-1.3.3-rcp-markus.patch diff --git a/krb5-1.3.3-rcp-markus.patch b/krb5-1.3.3-rcp-markus.patch new file mode 100644 index 0000000..8ef0233 --- /dev/null +++ b/krb5-1.3.3-rcp-markus.patch @@ -0,0 +1,46 @@ +Fix for CAN-2004-0175, based on Markus Friedl's fix for OpenSSH scp. + +--- krb5-1.3.3/src/appl/bsd/krcp.c 2003-05-12 18:20:15.000000000 -0400 ++++ krb5-1.3.3/src/appl/bsd/krcp.c 2004-04-13 12:01:31.000000000 -0400 +@@ -1088,6 +1088,10 @@ + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); ++ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ error("error: unexpected filename: %s", cp); ++ exit(1); ++ } + if (targisdir) { + if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf)) + SCREWUP("target name too long"); +@@ -1101,6 +1105,8 @@ + nambuf[sizeof(nambuf) - 1] = '\0'; + exists = stat(nambuf, &stb) == 0; + if (cmdbuf[0] == 'D') { ++ if (!iamrecursive) ++ SCREWUP("received directory without -r"); + if (exists) { + if ((stb.st_mode&S_IFMT) != S_IFDIR) { + errno = ENOTDIR; +--- krb5-1.3.3/src/appl/bsd/v4rcp.c 2002-07-12 16:21:31.000000000 -0400 ++++ krb5-1.3.3/src/appl/bsd/v4rcp.c 2004-04-13 12:01:53.000000000 -0400 +@@ -801,6 +801,10 @@ + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); ++ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ error("error: unexpected filename: %s", cp); ++ exit(1); ++ } + if (targisdir) { + if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) { + (void) sprintf(nambuf, "%s%s%s", targ, +@@ -817,6 +821,8 @@ + nambuf[sizeof(nambuf)-1] = '\0'; + exists = stat(nambuf, &stb) == 0; + if (cmdbuf[0] == 'D') { ++ if (!iamrecursive) ++ SCREWUP("received directory without -r"); + if (exists) { + if ((stb.st_mode&S_IFMT) != S_IFDIR) { + errno = ENOTDIR; diff --git a/krb5.spec b/krb5.spec index 67f0ca0..edf433f 100644 --- a/krb5.spec +++ b/krb5.spec @@ -7,7 +7,7 @@ Summary: The Kerberos network authentication system. Name: krb5 Version: 1.4.1 -Release: 3 +Release: 5 # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -62,6 +62,8 @@ Patch30: krb5-1.3.4-send-pr-tempfile.patch Patch32: krb5-1.4-ncurses.patch Patch33: krb5-1.3.4-deadlock.patch Patch34: krb5-krshd-lehman.patch +Patch35: krb5-1.4.1-fclose.patch +Patch36: krb5-1.3.3-rcp-markus.patch License: MIT, freely distributable. URL: http://web.mit.edu/kerberos/www/ Group: System Environment/Libraries @@ -126,6 +128,13 @@ network uses Kerberos, this package should be installed on every workstation. %changelog +* Fri Jun 24 2005 Nalin Dahyabhai 1.4.1-5 +- rebuild + +* Fri Jun 24 2005 Nalin Dahyabhai 1.4.1-4 +- fix double-close in keytab handling +- add port of fixes for CAN-2004-0175 to krb5-aware rcp + * Fri May 13 2005 Nalin Dahyabhai 1.4.1-3 - prevent spurious EBADF in krshd when stdin is closed by the client while the command is running (#151111) @@ -829,6 +838,8 @@ workstation. %patch32 -p1 -b .ncurses %patch33 -p1 -b .deadlock %patch34 -p0 -b .krshd-lehman +%patch35 -p1 -b .fclose +%patch36 -p1 -b .rcp-markus cp src/krb524/README README.krb524 find . -type f -name "*.info-dir" -exec rm -fv "{}" ";" gzip doc/*.ps