From 8f876bbbeb89a4429e67b1edf369944b5ae4172a Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Tue, 12 Nov 2013 16:25:26 -0500
Subject: [PATCH] Drop patch for CVE-2013-1418, included in 1.11.4

---
 krb5-CVE-2013-1418.patch | 35 -----------------------------------
 krb5.spec                |  3 +--
 2 files changed, 1 insertion(+), 37 deletions(-)
 delete mode 100644 krb5-CVE-2013-1418.patch

diff --git a/krb5-CVE-2013-1418.patch b/krb5-CVE-2013-1418.patch
deleted file mode 100644
index 11c5b4b..0000000
--- a/krb5-CVE-2013-1418.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit 05c544eef3633b774ca38154ba4c2bf3416b471b
-Author: Tom Yu <tlyu@mit.edu>
-Date:   Mon Nov 4 15:33:09 2013 -0500
-
-    Multi-realm KDC null deref [CVE-2013-1418]
-    
-    If a KDC serves multiple realms, certain requests can cause
-    setup_server_realm() to dereference a null pointer, crashing the KDC.
-    
-    CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
-    
-    A related but more minor vulnerability requires authentication to
-    exploit, and is only present if a third-party KDC database module can
-    dereference a null pointer under certain conditions.
-    
-    (back ported from commit 5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf)
-    
-    ticket: 7756 (new)
-    version_fixed: 1.11.4
-    status: resolved
-
-diff --git a/src/kdc/main.c b/src/kdc/main.c
-index 1624046..8a085a2 100644
---- a/src/kdc/main.c
-+++ b/src/kdc/main.c
-@@ -125,6 +125,9 @@ setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
-     int kdc_numrealms = handle->kdc_numrealms;
- 
-     kret = 0;
-+    if (sprinc == NULL)
-+        return NULL;
-+
-     if (kdc_numrealms > 1) {
-         if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
-                                          (krb5_ui_4) sprinc->realm.length)))
diff --git a/krb5.spec b/krb5.spec
index 3b33896..f2cbc8d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -106,7 +106,6 @@ Patch134: krb5-1.11-kpasswdtest.patch
 Patch135: krb5-1.11-check_transited.patch
 Patch136: krb5-1.11.3-prompter1.patch
 Patch137: krb5-1.11.3-prompter2.patch
-Patch139: krb5-CVE-2013-1418.patch
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -352,7 +351,6 @@ ln -s NOTICE LICENSE
 %patch135 -p1 -b .check_transited
 %patch136 -p1 -b .prompter1
 %patch137 -p1 -b .prompter2
-%patch139 -p1 -b .CVE-2013-1418
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -1008,6 +1006,7 @@ exit 0
 - update to 1.11.4
   - drop patch for RT#7650, obsoleted
   - drop patch for RT#7706, obsoleted as RT#7723
+  - drop patch for CVE-2013-1418, included in 1.11.4
 
 * Tue Nov 12 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-31
 - switch to the simplified version of the patch for #1029110 (RT#7764)