rpms/krb5
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- update to 1.9.1:

Browse Source 
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
    CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
This commit is contained in:
Nalin Dahyabhai 2011-05-05 19:03:10 -04:00
parent d2ffb0c7c5
commit ac127d5263
7 changed files with 14 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -53,3 +53,6 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.9.tar.gz
/krb5-1.9.tar.gz.asc
/krb5-1.9-pdf.tar.bz2
/krb5-1.9.1.tar.gz
/krb5-1.9.1.tar.gz.asc
/krb5-1.9.1-pdf.tar.bz2

19
2011-001-patch.txt
View File

@ -1,19 +0,0 @@
diff -up krb5/src/slave/kpropd.c krb5/src/slave/kpropd.c
--- krb5/src/slave/kpropd.c 2010-12-17 11:14:26.000000000 -0500
+++ krb5/src/slave/kpropd.c 2010-12-17 11:41:19.000000000 -0500
@@ -404,11 +404,11 @@ retry:
}
close(s);
- if (iproprole == IPROP_SLAVE)
+ if (iproprole == IPROP_SLAVE) {
close(finet);
-
- if ((ret = WEXITSTATUS(status)) != 0)
- return (ret);
+ if ((ret = WEXITSTATUS(status)) != 0)
+ return (ret);
+ }
}
if (iproprole == IPROP_SLAVE)
break;

126
2011-002-patch.txt
View File

@ -1,126 +0,0 @@
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 63ff3b3..b4a90bb 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -115,7 +115,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
kdc_insert_lookaside(pkt, *response);
#endif
- if (is_tcp == 0 && (*response)->length > max_dgram_reply_size) {
+ if (is_tcp == 0 && *response != NULL &&
+ (*response)->length > max_dgram_reply_size) {
too_big_for_udp:
krb5_free_data(kdc_context, *response);
retval = make_too_big_error(response);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index d677bb2..a356907 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
#define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \
- do { \
- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
- if (ldap_server_handle) \
- ld = ldap_server_handle->ldap_handle; \
- } \
- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
+ tempst = 0; \
+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \
+ NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+ if (ldap_server_handle) \
+ ld = ldap_server_handle->ldap_handle; \
+ if (tempst == 0) \
+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \
+ NULL, NULL, &timelimit, \
+ LDAP_NO_LIMIT, &result); \
+ } \
\
if (status_check != IGNORE_STATUS) { \
if (tempst != 0) { \
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 82b0333..84e80ee 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
{
krb5_ldap_server_handle *handle = *ldap_server_handle;
+ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
|| (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 86fa4d1..0f49c86 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -487,12 +487,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
* portion, then the first portion of the principal name SHOULD be
* "krbtgt". All this check is done in the immediate block.
*/
- if (searchfor->length == 2)
- if ((strncasecmp(searchfor->data[0].data, "krbtgt",
- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
- (strncasecmp(searchfor->data[1].data, defrealm,
- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
+ if (searchfor->length == 2) {
+ if (data_eq_string(searchfor->data[0], "krbtgt") &&
+ data_eq_string(searchfor->data[1], defrealm))
return 0;
+ }
/* first check the length, if they are not equal, then they are not same */
if (strlen(defrealm) != searchfor->realm.length)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 140db1a..552e39a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -78,10 +78,10 @@ krb5_error_code
krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
unsigned int flags, krb5_db_entry **entry_ptr)
{
- char *user=NULL, *filter=NULL, **subtree=NULL;
+ char *user=NULL, *filter=NULL, *filtuser=NULL;
unsigned int tree=0, ntrees=1, princlen=0;
krb5_error_code tempst=0, st=0;
- char **values=NULL, *cname=NULL;
+ char **values=NULL, **subtree=NULL, *cname=NULL;
LDAP *ld=NULL;
LDAPMessage *result=NULL, *ent=NULL;
krb5_ldap_context *ldap_context=NULL;
@@ -115,12 +115,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
goto cleanup;
- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */
+ filtuser = ldap_filter_correct(user);
+ if (filtuser == NULL) {
+ st = ENOMEM;
+ goto cleanup;
+ }
+
+ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */
if ((filter = malloc(princlen)) == NULL) {
st = ENOMEM;
goto cleanup;
}
- snprintf(filter, princlen, FILTER"%s))", user);
+ snprintf(filter, princlen, FILTER"%s))", filtuser);
if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
goto cleanup;
@@ -207,6 +213,9 @@ cleanup:
if (user)
free(user);
+ if (filtuser)
+ free(filtuser);
+
if (cname)
free(cname);

13
2011-003-patch.txt
View File

@ -1,13 +0,0 @@
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 46b5fa1..464cb6e 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
pad->contents = td[size]->data;
pad->length = td[size]->length;
pa[size] = pad;
+ td[size]->data = NULL;
+ td[size]->length = 0;
}
krb5_free_typed_data(kdc_context, td);
}

39
2011-004-patch.txt
View File

@ -1,39 +0,0 @@
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 1124445..0056885 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -52,6 +52,7 @@ process_chpw_request(context, server_handle, realm, keytab,
ret = 0;
rep->length = 0;
+ rep->data = NULL;
auth_context = NULL;
changepw = NULL;
@@ -76,8 +77,13 @@ process_chpw_request(context, server_handle, realm, keytab,
plen = (*ptr++ & 0xff);
plen = (plen<<8) | (*ptr++ & 0xff);
- if (plen != req->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ if (plen != req->length) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+ goto chpwfail;
+ }
/* verify version number */
@@ -531,6 +537,10 @@ cleanup:
if (local_kaddrs != NULL)
krb5_free_addresses(server_handle->context, local_kaddrs);
+ if ((*response)->data == NULL) {
+ free(*response);
+ *response = NULL;
+ }
krb5_kt_close(server_handle->context, kt);
return ret;

19
krb5.spec
View File

@ -5,8 +5,8 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.9
Release: 9%{?dist}
Version: 1.9.1
Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9-signed.tar
Source0: krb5-%{version}.tar.gz
@ -49,13 +49,9 @@ Patch63: krb5-1.9-selinux-label.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch
Patch71: krb5-1.9-dirsrv-accountlock.patch
Patch72: krb5-pkinit-cms2.patch
Patch73: http://web.mit.edu/kerberos/advisories/2011-001-patch.txt
Patch74: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
Patch75: krb5-pkinit-debug.patch
Patch76: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
Patch77: krb5-1.9-paren.patch
Patch78: krb5-trunk-chpw-err.patch
Patch79: http://web.mit.edu/kerberos/advisories/2011-004-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -196,13 +192,9 @@ ln -s NOTICE LICENSE
#%patch70 -p0 -b .kpasswd_tcp2
%patch71 -p1 -b .dirsrv-accountlock
%patch72 -p1 -b .pkinit_cms2
%patch73 -p1 -b .2011-001
%patch74 -p1 -b .2011-002
#%patch75 -p1 -b .pkinit-debug
%patch76 -p1 -b .2011-003
%patch77 -p1 -b .paren
%patch78 -p0 -b .chpw-err
%patch79 -p1 -b .2011-004
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -661,6 +653,11 @@ exit 0
%{_sbindir}/uuserver
%changelog
* Thu May 5 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-1
- update to 1.9.1:
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
* Wed Apr 13 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9-9
- kadmind: add upstream patch to fix free() on an invalid pointer (#696343,
MITKRB5-SA-2011-004, CVE-2011-0285)
@ -681,7 +678,7 @@ exit 0
- turn off NSS as the backend for libk5crypto for now to work around its
DES string2key not working (#679012)
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325)
typed-data with errors (MITKRB5-SA-2011-003, CVE-2011-0284, #674325)
* Thu Feb 17 2011 Nalin Dahyabhai <nalin@redhat.com>
- throw in a not-applied-by-default patch to try to make pkinit debugging

3
sources
View File

@ -1,3 +1,6 @@
f8870f28cdae2e00d2ea0874024bc059 krb5-1.9.tar.gz
998f37422c6739d872e9588e40756312 krb5-1.9.tar.gz.asc
08820591bd2b0067d4b1b9cbf3fefcbd krb5-1.9-pdf.tar.bz2
88d7bbb869849cd0cce1af3165ac0cc6 krb5-1.9.1.tar.gz
a0bd0c8ff1a2d7e41be77b80e713c319 krb5-1.9.1.tar.gz.asc
9d214707c921ba0887f92fb5408d0370 krb5-1.9.1-pdf.tar.bz2