merge fixes for MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003
parent
73316152b6
commit
80238a2fd8
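--- /dev/null
+++ b/krb5-1.4.1-api.patch
@@ -0,0 +1,30 @@
+Reference docs don't define what happens if you call krb5_realm_compare() with
+malformed krb5_principal structures. Define a behavior which keeps it from
+crashing if applications don't check ahead of time.
+
+--- krb5-1.4.1/src/lib/krb5/krb/princ_comp.c 2002-09-02 21:13:46.000000000 -0400
++++ krb5-1.4.1/src/lib/krb5/krb/princ_comp.c 2005-06-29 13:56:55.000000000 -0400
+@@ -33,6 +33,13 @@
+krb5_boolean KRB5_CALLCONV
+krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
+{
++ if ((princ1 == NULL) || (princ2 == NULL))
++ return FALSE;
++
++ if ((krb5_princ_realm(context, princ1) == NULL) ||
++ (krb5_princ_realm(context, princ2) == NULL))
++ return FALSE;
++
+if (krb5_princ_realm(context, princ1)->length !=
+krb5_princ_realm(context, princ2)->length ||
+memcmp (krb5_princ_realm(context, princ1)->data,
+@@ -49,6 +56,9 @@
+register int i;
+krb5_int32 nelem;
+
++ if ((princ1 == NULL) || (princ2 == NULL))
++ return FALSE;
++
+nelem = krb5_princ_size(context, princ1);
+if (nelem != krb5_princ_size(context, princ2))
+return FALSE;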
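Review bot: The second guard added to krb5_realm_compare(), `krb5_princ_realm(context, princ1) == NULL`, probably never fires: if krb5_princ_realm is the usual krb5.h accessor that yields the address of the principal's realm member, its result cannot be NULL once princ1 itself is non-NULL. The memcmp that follows still reads `->data` of both realms, so a principal whose realm has a non-zero length and a NULL data pointer would still crash, which is the malformed case the patch description sets out to cover. Testing the field instead, for example `if (krb5_princ_realm(context, princ1)->length != 0 && krb5_princ_realm(context, princ1)->data == NULL) return FALSE;` (and the same for princ2), would close that. The function in the second hunk starts outside the hunk, so whether its per-component comparison needs the same check cannot be seen here.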
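--- /dev/null
+++ b/krb5-1.4.1-telnet-environ.patch
@@ -0,0 +1,164 @@
+Port of fixes originally made to the NetKit telnet client.
+
+Previous behavior:
+Well-defined or exported variables are sent to the server on initial connect.
+The "environ list" command prints "*" before these variable names.
+Other variables are sent to the server if it requests them.
+The "environ list" command prints " " before these variable names.
+New behavior:
+Well-defined variables are sent to the server on initial connect.
+The "environ list" command prints "*" before these variable names.
+Exported variables are sent to the server on initial connect.
+The "environ list" command prints "+" before these variable names.
+Other variables are NOT sent to the server.
+The "environ list" command prints " " before these variable names.
+
+diff -uNr krb5-1.4.1/src/appl/telnet/telnet/authenc.c krb5-1.4.1/src/appl/telnet/telnet/authenc.c
+--- krb5-1.4.1/src/appl/telnet/telnet/authenc.c 2002-11-15 15:21:34.000000000 -0500
++++ krb5-1.4.1/src/appl/telnet/telnet/authenc.c 2005-06-29 21:06:39.000000000 -0400
+@@ -83,13 +83,6 @@
+}
+
+char *
+-telnet_getenv(val)
+- char *val;
+-{
+- return((char *)env_getvalue((unsigned char *)val));
+-}
+-
+- char *
+telnet_gets(tprompt, result, length, echo)
+char *tprompt;
+char *result;
+diff -uNr krb5-1.4.1/src/appl/telnet/telnet/commands.c krb5-1.4.1/src/appl/telnet/telnet/commands.c
+--- krb5-1.4.1/src/appl/telnet/telnet/commands.c 2005-04-07 17:17:26.000000000 -0400
++++ krb5-1.4.1/src/appl/telnet/telnet/commands.c 2005-06-29 21:11:34.000000000 -0400
+@@ -1889,8 +1889,9 @@
+register struct env_lst *ep;
+
+for (ep = envlisthead.next; ep; ep = ep->next) {
+- printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
+- ep->var, ep->value);
++ printf("%c %-20s %s\r\n",
++ " +*"[(ep->welldefined ? 2 : (ep->export > 0))],
++ ep->var, ep->value);
+}
+}
+
+@@ -1914,13 +1915,15 @@
+}
+
+unsigned char *
+-env_getvalue(var)
++env_getvalue(var, export_only)
+unsigned char *var;
++ int export_only;
+{
+register struct env_lst *ep;
+
+if ((ep = env_find(var)))
+- return(ep->value);
++ if (ep->export || !export_only)
++ return(ep->value);
+return(NULL);
+}
+
+diff -uNr krb5-1.4.1/src/appl/telnet/telnet/externs.h krb5-1.4.1/src/appl/telnet/telnet/externs.h
+--- krb5-1.4.1/src/appl/telnet/telnet/externs.h 2003-04-23 23:27:56.000000000 -0400
++++ krb5-1.4.1/src/appl/telnet/telnet/externs.h 2005-06-29 21:05:16.000000000 -0400
+@@ -347,7 +347,7 @@
+
+extern unsigned char
+*env_default (int, int),
+- *env_getvalue (unsigned char *);
++ *env_getvalue (unsigned char *, int);
+
+extern int
+env_is_exported (unsigned char *);
+diff -uNr krb5-1.4.1/src/appl/telnet/telnet/telnet.c krb5-1.4.1/src/appl/telnet/telnet/telnet.c
+--- krb5-1.4.1/src/appl/telnet/telnet/telnet.c 2005-06-29 21:13:29.000000000 -0400
++++ krb5-1.4.1/src/appl/telnet/telnet/telnet.c 2005-06-29 21:09:13.000000000 -0400
+@@ -552,7 +552,7 @@
+#endif
+
+case TELOPT_XDISPLOC: /* X Display location */
+- if (env_getvalue((unsigned char *)"DISPLAY") &&
++ if (env_getvalue((unsigned char *)"DISPLAY", 0) &&
+env_is_exported((unsigned char *)"DISPLAY"))
+new_state_ok = 1;
+break;
+@@ -813,7 +813,7 @@
+resettermname = 0;
+if (tnamep && tnamep != unknown)
+free(tnamep);
+- if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
++ if ((tname = (char *)env_getvalue((unsigned char *)"TERM", 0)) &&
+(setupterm(tname, 1, &err) == 0)) {
+tnamep = mklist(termbuf, tname);
+} else {
+@@ -988,7 +988,7 @@
+unsigned char temp[50], *dp;
+int len;
+
+- if (((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) ||
++ if (((dp = env_getvalue((unsigned char *)"DISPLAY", 0)) == NULL) ||
+(! env_is_exported((unsigned char *)"DISPLAY"))) {
+/*
+* Something happened, we no longer have a DISPLAY
+@@ -1669,7 +1669,7 @@
+env_opt_add(ep);
+return;
+}
+- vp = env_getvalue(ep);
++ vp = env_getvalue(ep, 1);
+elen = 2 * (vp ? strlen((char *)vp) : 0) +
+2 * strlen((char *)ep) + 6;
+if ((opt_replyend - opt_replyp) < elen)
+@@ -2327,7 +2327,7 @@
+send_will(TELOPT_LINEMODE, 1);
+send_will(TELOPT_NEW_ENVIRON, 1);
+send_do(TELOPT_STATUS, 1);
+- if (env_getvalue((unsigned char *)"DISPLAY") &&
++ if (env_getvalue((unsigned char *)"DISPLAY", 0) &&
+env_is_exported((unsigned char *)"DISPLAY"))
+send_will(TELOPT_XDISPLOC, 1);
+if (eight)
+--- krb5-1.4.1/src/appl/telnet/telnetd/authenc.c 2005-06-29 21:25:09.000000000 -0400
++++ krb5-1.4.1/src/appl/telnet/telnetd/authenc.c 2005-06-29 21:25:13.000000000 -0400
+@@ -67,14 +67,6 @@
+}
+
+char *
+-telnet_getenv(val)
+- char *val;
+-{
+- extern char *getenv();
+- return(getenv(val));
+-}
+-
+- char *
+telnet_gets(prompt, result, length, echo)
+char *prompt;
+char *result;
+--- krb5-1.4.1/src/appl/telnet/telnet/telnet.1 2005-06-29 21:26:55.000000000 -0400
++++ krb5-1.4.1/src/appl/telnet/telnet/telnet.1 2005-06-29 21:29:05.000000000 -0400
+@@ -401,7 +401,7 @@
+.I variable
+to have a value of
+.IR value .
+-Any variables defined by this command are automatically exported. The
++Variables defined by this command are not automatically exported. The
+.I value
+may be enclosed in single or double quotes so that tabs and spaces may
+be included.
+@@ -423,8 +423,8 @@
+.TP
+.B list
+List the current set of environment variables. Those marked with a \&*
+-will be sent automatically; other variables will only be sent if
+-explicitly requested.
++will be sent automatically; those marked with a \&+ will be sent if the
++other end requests their values, and other variables will not be sent.
+.TP
+.B \&?
+Prints out help information for the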
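Review bot: The export test is written two different ways in commands.c: the listing loop picks its marker with `ep->export > 0`, while the new check in env_getvalue() is `if (ep->export || !export_only)`. If `export` can ever hold a negative value, which the `> 0` suggests, such a variable would be listed with a blank marker (documented as not sent) and still be returned to the `env_getvalue(ep, 1)` call in telnet.c that answers a server request. Using one predicate in both places, e.g. `if (ep->export > 0 || !export_only)`, keeps what "environ list" shows consistent with what can leave the client. Separately, the patch header says "+" variables are sent on initial connect while the telnet.1 hunk says they are sent when the other end requests them; one of the two texts should be corrected. The struct definition and the code that sets `export` are outside these hunks, so its value range needs confirming.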
28
krb5.spec
28
krb5.spec
@ -7,7 +7,7 @@
|
|||||||
Summary: The Kerberos network authentication system.
|
Summary: The Kerberos network authentication system.
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.4.1
|
Version: 1.4.1
|
||||||
Release: 5
|
Release: 6
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -64,6 +64,10 @@ Patch33: krb5-1.3.4-deadlock.patch
|
|||||||
Patch34: krb5-krshd-lehman.patch
|
Patch34: krb5-krshd-lehman.patch
|
||||||
Patch35: krb5-1.4.1-fclose.patch
|
Patch35: krb5-1.4.1-fclose.patch
|
||||||
Patch36: krb5-1.3.3-rcp-markus.patch
|
Patch36: krb5-1.3.3-rcp-markus.patch
|
||||||
|
Patch37: krb5-1.4-MITKRB5-SA-2005-002.patch
|
||||||
|
Patch38: krb5-1.4-MITKRB5-SA-2005-003.patch
|
||||||
|
Patch39: krb5-1.4.1-api.patch
|
||||||
|
Patch40: krb5-1.4.1-telnet-environ.patch
|
||||||
License: MIT, freely distributable.
|
License: MIT, freely distributable.
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -128,12 +132,24 @@ network uses Kerberos, this package should be installed on every
|
|||||||
workstation.
|
workstation.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-5
|
* Wed Jun 29 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-6
|
||||||
- rebuild
|
- rebuild
|
||||||
|
|
||||||
|
* Wed Jun 29 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-5
|
||||||
|
- fix telnet client environment variable disclosure the same way NetKit's
|
||||||
|
telnet client did (CAN-2005-0488) (#159305)
|
||||||
|
- keep apps which call krb5_principal_compare() or krb5_realm_compare() with
|
||||||
|
malformed or NULL principal structures from crashing outright (Thomas Biege)
|
||||||
|
(#161475)
|
||||||
|
|
||||||
|
* Tue Jun 28 2005 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)
|
||||||
|
(#157104)
|
||||||
|
- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)
|
||||||
|
|
||||||
* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-4
|
* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-4
|
||||||
- fix double-close in keytab handling
|
- fix double-close in keytab handling
|
||||||
- add port of fixes for CAN-2004-0175 to krb5-aware rcp
|
- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)
|
||||||
|
|
||||||
* Fri May 13 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-3
|
* Fri May 13 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-3
|
||||||
- prevent spurious EBADF in krshd when stdin is closed by the client while
|
- prevent spurious EBADF in krshd when stdin is closed by the client while
|
||||||
@ -840,6 +856,12 @@ workstation.
|
|||||||
%patch34 -p0 -b .krshd-lehman
|
%patch34 -p0 -b .krshd-lehman
|
||||||
%patch35 -p1 -b .fclose
|
%patch35 -p1 -b .fclose
|
||||||
%patch36 -p1 -b .rcp-markus
|
%patch36 -p1 -b .rcp-markus
|
||||||
|
pushd src
|
||||||
|
%patch37 -p0 -b .MIT-KRB5-SA-2005-002
|
||||||
|
%patch38 -p0 -b .MIT-KRB5-SA-2005-003
|
||||||
|
popd
|
||||||
|
%patch39 -p1 -b .api
|
||||||
|
%patch40 -p1 -b .telnet-environ
|
||||||
cp src/krb524/README README.krb524
|
cp src/krb524/README README.krb524
|
||||||
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
|
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
|
||||||
gzip doc/*.ps
|
gzip doc/*.ps
|
||||||
|
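Review bot: Patch37 and Patch38 are declared and applied in %prep, but the commit as shown here adds only krb5-1.4.1-api.patch and krb5-1.4.1-telnet-environ.patch; if the two MITKRB5-SA patch files are not already tracked elsewhere, the build stops at %prep. The changelog also records that both were taken from drafts of the advisories, so a comment beside the Patch lines such as `# from draft advisory; re-check against the published MITKRB5-SA-2005-002/003 patches` would remind the maintainer to re-sync them once the final text is out.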