- fix double-close in keytab handling

- add port of fixes for CAN-2004-0175 to krb5-aware rcp
2005-06-24 20:28:25 +00:00 · 2005-06-24 20:28:25 +00:00 · 73316152b6
commit 73316152b6
parent 77a40621a2
2 changed files with 58 additions and 1 deletions
--- a/krb5-1.3.3-rcp-markus.patch
+++ b/krb5-1.3.3-rcp-markus.patch
@ -0,0 +1,46 @@
+Fix for CAN-2004-0175, based on Markus Friedl's fix for OpenSSH scp.
+
+--- krb5-1.3.3/src/appl/bsd/krcp.c	2003-05-12 18:20:15.000000000 -0400
+++ krb5-1.3.3/src/appl/bsd/krcp.c	2004-04-13 12:01:31.000000000 -0400
+@@ -1088,6 +1088,10 @@
+ 	  size = size * 10 + (*cp++ - '0');
+ 	if (*cp++ != ' ')
+ 	  SCREWUP("size not delimited");
+	if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+	  error("error: unexpected filename: %s", cp);
+	  exit(1);
+	}
+ 	if (targisdir) {
+           if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf))
+ 	    SCREWUP("target name too long");
+@@ -1101,6 +1105,8 @@
+ 	nambuf[sizeof(nambuf) - 1] = '\0';
+ 	exists = stat(nambuf, &stb) == 0;
+ 	if (cmdbuf[0] == 'D') {
+	    if (!iamrecursive)
+		SCREWUP("received directory without -r");
+ 	    if (exists) {
+ 		if ((stb.st_mode&S_IFMT) != S_IFDIR) {
+ 		    errno = ENOTDIR;
+--- krb5-1.3.3/src/appl/bsd/v4rcp.c	2002-07-12 16:21:31.000000000 -0400
+++ krb5-1.3.3/src/appl/bsd/v4rcp.c	2004-04-13 12:01:53.000000000 -0400
+@@ -801,6 +801,10 @@
+ 			size = size * 10 + (*cp++ - '0');
+ 		if (*cp++ != ' ')
+ 			SCREWUP("size not delimited");
+		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+			error("error: unexpected filename: %s", cp);
+			exit(1);
+		}
+ 		if (targisdir) {
+ 			if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) {
+ 				(void) sprintf(nambuf, "%s%s%s", targ,
+@@ -817,6 +821,8 @@
+ 		nambuf[sizeof(nambuf)-1] = '\0';
+ 		exists = stat(nambuf, &stb) == 0;
+ 		if (cmdbuf[0] == 'D') {
+			if (!iamrecursive)
+				SCREWUP("received directory without -r");
+ 			if (exists) {
+ 				if ((stb.st_mode&S_IFMT) != S_IFDIR) {
+ 					errno = ENOTDIR;
--- a/krb5.spec
+++ b/krb5.spec
@ -7,7 +7,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.4.1
-Release: 3
+Release: 5
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@ -62,6 +62,8 @@ Patch30: krb5-1.3.4-send-pr-tempfile.patch
 Patch32: krb5-1.4-ncurses.patch
 Patch33: krb5-1.3.4-deadlock.patch
 Patch34: krb5-krshd-lehman.patch
+Patch35: krb5-1.4.1-fclose.patch
+Patch36: krb5-1.3.3-rcp-markus.patch
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@ -126,6 +128,13 @@ network uses Kerberos, this package should be installed on every
 workstation.

 %changelog
+* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-5
+- rebuild
+
+* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-4
+- fix double-close in keytab handling
+- add port of fixes for CAN-2004-0175 to krb5-aware rcp
+
 * Fri May 13 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-3
 - prevent spurious EBADF in krshd when stdin is closed by the client while
  the command is running (#151111)
@ -829,6 +838,8 @@ workstation.
 %patch32 -p1 -b .ncurses
 %patch33 -p1 -b .deadlock
 %patch34 -p0 -b .krshd-lehman
+%patch35 -p1 -b .fclose
+%patch36 -p1 -b .rcp-markus
 cp src/krb524/README README.krb524
 find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
 gzip doc/*.ps