drop patch for CVE-2014-4344, included in 1.12.2
This commit is contained in:
Nalin Dahyabhai
parent
b234a3d334
commit
7880fca0ad
@ -1,44 +0,0 @@
|
||||
commit 524688ce87a15fc75f87efc8c039ba4c7d5c197b
|
||||
Author: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Tue Jul 15 12:56:01 2014 -0400
|
||||
|
||||
Fix null deref in SPNEGO acceptor [CVE-2014-4344]
|
||||
|
||||
When processing a continuation token, acc_ctx_cont was dereferencing
|
||||
the initial byte of the token without checking the length. This could
|
||||
result in a null dereference.
|
||||
|
||||
CVE-2014-4344:
|
||||
|
||||
In MIT krb5 1.5 and newer, an unauthenticated or partially
|
||||
authenticated remote attacker can cause a NULL dereference and
|
||||
application crash during a SPNEGO negotiation by sending an empty
|
||||
token as the second or later context token from initiator to acceptor.
|
||||
The attacker must provide at least one valid context token in the
|
||||
security context negotiation before sending the empty token. This can
|
||||
be done by an unauthenticated attacker by forcing SPNEGO to
|
||||
renegotiate the underlying mechanism, or by using IAKERB to wrap an
|
||||
unauthenticated AS-REQ as the first token.
|
||||
|
||||
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
|
||||
|
||||
[kaduk@mit.edu: CVE summary, CVSSv2 vector]
|
||||
|
||||
ticket: 7970 (new)
|
||||
subject: NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344]
|
||||
target_version: 1.12.2
|
||||
tags: pullup
|
||||
|
||||
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
index 8f829d8..2aa6810 100644
|
||||
--- a/src/lib/gssapi/spnego/spnego_mech.c
|
||||
+++ b/src/lib/gssapi/spnego/spnego_mech.c
|
||||
@@ -1468,7 +1468,7 @@ acc_ctx_cont(OM_uint32 *minstat,
|
||||
|
||||
ptr = bufstart = buf->value;
|
||||
#define REMAIN (buf->length - (ptr - bufstart))
|
||||
- if (REMAIN > INT_MAX)
|
||||
+ if (REMAIN == 0 || REMAIN > INT_MAX)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
|
||||
/*
|
||||
@ -98,7 +98,6 @@ Patch139: krb5-master-rcache-acquirecred-source.patch
|
||||
Patch141: krb5-master-rcache-acquirecred-test.patch
|
||||
Patch142: krb5-master-move-otp-sockets.patch
|
||||
Patch145: krb5-master-mechd.patch
|
||||
Patch149: krb5-gssapi-spnego-deref.patch
|
||||
Patch150: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
|
||||
Patch151: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
|
||||
Patch201: 0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch
|
||||
@ -348,7 +347,6 @@ ln -s NOTICE LICENSE
|
||||
%patch141 -p1 -b .rcache-acquirecred-test
|
||||
%patch142 -p1 -b .move-otp-sockets
|
||||
%patch145 -p1 -b .master-mechd
|
||||
%patch149 -p1 -b .gssapi-spnego-deref
|
||||
%patch150 -p1 -b .2014-001
|
||||
|
||||
# Take the execute bit off of documentation.
|
||||
@ -1037,6 +1035,7 @@ exit 0
|
||||
- drop patch for RT#7926, fixed in 1.12.2
|
||||
- drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
|
||||
- drop patch for CVE-2014-4343, included in 1.12.2
|
||||
- drop patch for CVE-2014-4344, included in 1.12.2
|
||||
- replace older proposed changes for ksu with backports of the changes
|
||||
after review and merging upstream (#1015559, #1026099, #1118347)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user