From b3e836cce9b43dcdf4487a89b364e19dd143d297 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 18 May 2010 18:14:30 +0000 Subject: [PATCH] - add patch to correct GSSAPI library null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #582466) --- 2010-005-patch.txt | 18 ++++++++++++++++++ krb5.spec | 8 +++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 2010-005-patch.txt diff --git a/2010-005-patch.txt b/2010-005-patch.txt new file mode 100644 index 0000000..7f9f7a4 --- /dev/null +++ b/2010-005-patch.txt @@ -0,0 +1,18 @@ +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index ce3075f..6241055 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle, + } + #endif + ++ if (authdat->checksum == NULL) { ++ /* missing checksum counts as "inappropriate type" */ ++ code = KRB5KRB_AP_ERR_INAPP_CKSUM; ++ major_status = GSS_S_FAILURE; ++ goto fail; ++ } ++ + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { + /* Samba does not send 0x8003 GSS-API checksums */ + krb5_boolean valid; diff --git a/krb5.spec b/krb5.spec index a9fd90e..f94f52e 100644 --- a/krb5.spec +++ b/krb5.spec @@ -5,7 +5,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.8.1 -Release: 4%{?dist} +Release: 5%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -46,6 +46,7 @@ Patch63: krb5-1.8-selinux-label.patch Patch70: krb5-trunk-kpasswd_tcp2.patch Patch71: krb5-1.8-dirsrv-accountlock.patch Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt +Patch73: http://web.mit.edu/kerberos/advisories/2010-005-patch.txt License: MIT URL: http://web.mit.edu/kerberos/www/ 
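Review bot: The comment inside the new `if (authdat->checksum == NULL)` block records which error code was chosen but not why the pointer can be NULL, which is the security-relevant part. Since the commit message attributes the crash to malformed client requests, I would word it as `/* The peer decides whether the authenticator carries a checksum; reject a missing one before the checksum_type read below (CVE-2010-1321). */`. kg_accept_krb5 starts and ends outside the hunk, so it is worth confirming that no earlier statement reads `authdat->checksum` and that the `fail` label releases `authdat`. The embedded patch touches only accept_sec_context.c and adds no regression test for a request without a checksum, so the guard is covered by review alone.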
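Review bot: The added `Patch73:` line names the patch by a plain `http://` URL, and nothing in the spec records how the committed copy was checked against upstream. rpmbuild resolves a patch URL by its basename, so the build reads the `2010-005-patch.txt` created in this commit, but anyone refreshing that file from the URL later fetches it over an unauthenticated channel. If the copy was verified on import, I would say so in a comment above the line, for example `# Advisory patch; committed copy checked against upstream's signed advisory`, assuming upstream publishes a signature for this advisory. The same applies to the existing `Patch72:` line.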
@@ -181,6 +182,7 @@ ln -s NOTICE LICENSE #%patch70 -p0 -b .kpasswd_tcp2 %patch71 -p1 -b .dirsrv-accountlock %patch72 -p1 -b .2010-004 +%patch73 -p1 -b .2010-005 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex @@ -622,6 +624,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Tue May 18 2010 Nalin Dahyabhai 1.8.1-5 +- add patch to correct GSSAPI library null pointer dereference which could be + triggered by malformed client requests (CVE-2010-1321, #582466) + * Tue May 4 2010 Nalin Dahyabhai 1.8.1-4 - fix output of kprop's init script's "status" and "reload" commands (#588222)