- add patch to correct GSSAPI library null pointer dereference which could

be triggered by malformed client requests (CVE-2010-1321, #582466)
Nalin Dahyabhai 2010-05-18 18:14:30 +00:00
parent 59f0148016
commit b3e836cce9
2 changed files with 25 additions and 1 deletions

18
2010-005-patch.txt Normal file

@ -0,0 +1,18 @@
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index ce3075f..6241055 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
}
#endif
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
/* Samba does not send 0x8003 GSS-API checksums */
krb5_boolean valid;
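Review bot: The comment on the new guard at `if (authdat->checksum == NULL)` records how the failure is classified but not why the check has to sit exactly here: the next statement reads `authdat->checksum->checksum_type`, and per the commit message the field can be missing in a malformed client request. I would extend it to `/* Client-supplied authenticator may carry no checksum; reject before the checksum_type read below dereferences it. Counts as "inappropriate type". */` so a later refactor does not move or drop the guard. kg_accept_krb5 starts and ends outside the hunk, so neither the validation of `authdat` itself nor the `fail:` label is visible, and any later `authdat->checksum->` access in the function presumably relies on this one check. The commit adds no regression test; one that hands the acceptor an authenticator without a checksum and expects `GSS_S_FAILURE` would pin the behaviour.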


@ -5,7 +5,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.8.1 Version: 1.8.1
Release: 4%{?dist} Release: 5%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -46,6 +46,7 @@ Patch63: krb5-1.8-selinux-label.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch Patch70: krb5-trunk-kpasswd_tcp2.patch
Patch71: krb5-1.8-dirsrv-accountlock.patch Patch71: krb5-1.8-dirsrv-accountlock.patch
Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
Patch73: http://web.mit.edu/kerberos/advisories/2010-005-patch.txt
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -181,6 +182,7 @@ ln -s NOTICE LICENSE
#%patch70 -p0 -b .kpasswd_tcp2 #%patch70 -p0 -b .kpasswd_tcp2
%patch71 -p1 -b .dirsrv-accountlock %patch71 -p1 -b .dirsrv-accountlock
%patch72 -p1 -b .2010-004 %patch72 -p1 -b .2010-004
%patch73 -p1 -b .2010-005
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -622,6 +624,10 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue May 18 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.1-5
- add patch to correct GSSAPI library null pointer dereference which could be
triggered by malformed client requests (CVE-2010-1321, #582466)
* Tue May 4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.1-4 * Tue May 4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.1-4
- fix output of kprop's init script's "status" and "reload" commands (#588222) - fix output of kprop's init script's "status" and "reload" commands (#588222)