From 795e5e14a6df5cdaa7801c52675bd929f740dd39 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 4 Jan 2010 15:56:24 +0000
Subject: [PATCH] - add upstream patch for KDC crash during referral processing (CVE-2009-3295), via Tom Yu
---
 2009-003-patch.txt | 27 +++++++++++++++++++++++++++
 krb5.spec | 8 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 2009-003-patch.txt
diff --git a/2009-003-patch.txt b/2009-003-patch.txt
new file mode 100644
index 0000000..0319cd1
--- /dev/null
+++ b/2009-003-patch.txt
@@ -0,0 +1,27 @@
+diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
+index 298e132..12180ff 100644
+--- a/src/kdc/do_tgs_req.c
++++ b/src/kdc/do_tgs_req.c
+@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
+ free(temp_buf);
+ if (retval) {
+ /* no match found */
+- kdc_err(kdc_context, retval, 0);
++ kdc_err(kdc_context, retval, "unable to find realm of host");
+ goto cleanup;
+ }
+ if (realms == 0) {
+diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
+index efff818..ef3735a 100644
+--- a/src/lib/kadm5/logger.c
++++ b/src/lib/kadm5/logger.c
+@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
+ char *cp;
+ char *syslogp;
+
++ if (whoami == NULL || format == NULL)
++ return;
++
+ /* Make the header */
+ snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
+ /*
diff --git a/krb5.spec b/krb5.spec
index 1dc7c14..a83d835 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7
-Release: 14%{?dist}
+Release: 15%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
 Source0: krb5-%{version}.tar.gz
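Review bot: In the embedded src/lib/kadm5/logger.c hunk of 2009-003-patch.txt, the new guard `if (whoami == NULL || format == NULL) return;` discards the whole message, including `code`, so a caller that passes a NULL format no longer crashes the KDC but also leaves no log entry for that error. Whether the code-only part could still be logged safely cannot be judged from here, because klog_com_err_proc's body continues outside the hunk; at minimum the guard deserves a comment such as `/* a NULL whoami or format must not reach the formatting below (CVE-2009-3295); the message is dropped */`. The do_tgs_req.c hunk corrects only the one `kdc_err(kdc_context, retval, 0)` call it shows, so any other call sites that pass `0` as the format would now go silently unlogged and are worth checking before relying on the KDC log for these failures.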
@@ -80,6 +80,7 @@ Patch88: krb5-1.7-sizeof.patch Patch89: krb5-1.7-largefile.patch Patch90: krb5-1.7-openssl-1.0.patch Patch91: krb5-1.7-spnego-deleg.patch +Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -216,6 +217,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Mon Jan 4 2010 Nalin Dahyabhai - 1.7-15 +- add upstream patch for KDC crash during referral processing (CVE-2009-3295), + via Tom Yu + * Mon Dec 21 2009 Nalin Dahyabhai - 1.7-14 - refresh patch for #542868 from trunk @@ -1520,6 +1525,7 @@ popd %patch89 -p1 -b .largefile %patch90 -p0 -b .openssl-1.0 %patch91 -p0 -b .spnego-deleg +%patch92 -p1 -b .2009-003 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
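Review bot: The `Patch92:` line in the `@@ -80,6 +80,7 @@` hunk points at a plain `http://` URL, and nothing in the spec or changelog records how the copy of 2009-003-patch.txt committed here was checked against what upstream published. For a security fix, that provenance is worth recording next to the tag, for example with a comment line such as `# upstream advisory patch for CVE-2009-3295; committed copy compared against upstream's signed copy` (assuming upstream publishes a signature for it). If the host serves the same path over TLS, the tag could read `Patch92: https://web.mit.edu/kerberos/advisories/2009-003-patch.txt` so that anyone re-fetching the patch from the URL gets transport integrity.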