Set error message on KCM get_princ failure

Check-for-zero-argc-in-ksu.patch

@@ -0,0 +1,29 @@
+From 2c88cf9966d2dad7902df3eeef1834b55000b246 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Tue, 24 Apr 2018 14:31:35 -0400
+Subject: [PATCH] Check for zero argc in ksu
+
+Most programs in the tree will perform a null dereference when argc is
+zero, but as a setuid program ksu should be extra careful about memory
+errors, even if this one is harmless.  Check and exit with status 1
+immediately.
+
+ticket: 8661
+(cherry picked from commit c5b0a998d6349f8c90821a347db5666aed0e50eb)
+---
+ src/clients/ksu/main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
+index c6321c01b..6cb91e24f 100644
+--- a/src/clients/ksu/main.c
++++ b/src/clients/ksu/main.c
+@@ -144,6 +144,8 @@ main (argc, argv)
+         exit(1);
+     }
+ 
++    if (argc == 0)
++        exit(1);
+     if (strrchr(argv[0], '/'))
+         argv[0] = strrchr(argv[0], '/')+1;
+     prog_name = argv[0];

Move-zero-argc-check-earlier-in-ksu.patch

@@ -0,0 +1,39 @@
+From 292843b6a1d774198845d8e9511d1fa2ca5859e4 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Tue, 24 Apr 2018 19:35:38 -0400
+Subject: [PATCH] Move zero argc check earlier in ksu
+
+For improved auditability, check for a zero argc value earlier in
+main() so that the first two calls to com_err() can't pass a NULL
+whoami value--which would be harmless, but that may not be obvious to
+a reader.
+
+ticket: 8661
+(cherry picked from commit e1b5b824f5d7388a67d0854b56d3906c4fbdd778)
+---
+ src/clients/ksu/main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
+index 6cb91e24f..b9a997fc2 100644
+--- a/src/clients/ksu/main.c
++++ b/src/clients/ksu/main.c
+@@ -127,6 +127,9 @@ main (argc, argv)
+     krb5_boolean restrict_creds;
+     krb5_deltat lifetime, rlife;
+ 
++    if (argc == 0)
++        exit(1);
++
+     params = (char **) xcalloc (2, sizeof (char *));
+     params[1] = NULL;
+ 
+@@ -144,8 +147,6 @@ main (argc, argv)
+         exit(1);
+     }
+ 
+-    if (argc == 0)
+-        exit(1);
+     if (strrchr(argv[0], '/'))
+         argv[0] = strrchr(argv[0], '/')+1;
+     prog_name = argv[0];

Set-error-message-on-KCM-get_princ-failure.patch

@@ -0,0 +1,42 @@
+From fb73fe5af9c82c20630cbf72c08e3e89f57deeaf Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 27 Apr 2018 13:51:39 -0400
+Subject: [PATCH] Set error message on KCM get_princ failure
+
+This matches the expected behavior from other ccache types.  Most
+notably, the KEYRING equivalent was added in
+c25fc42e8eac7350209df61e4a7b9960d17755ca
+
+ticket: 8675 (new)
+tags: pullup
+target_version: 1.16-next
+target_version: 1.15-next
+
+(cherry picked from commit 58f60f3df7a625ccdcce23dfadd52dc335fd8da7)
+---
+ src/lib/krb5/ccache/cc_kcm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c
+index 0d38b1839..a777f2710 100644
+--- a/src/lib/krb5/ccache/cc_kcm.c
++++ b/src/lib/krb5/ccache/cc_kcm.c
+@@ -721,12 +721,18 @@ kcm_get_princ(krb5_context context, krb5_ccache cache,
+ {
+     krb5_error_code ret;
+     struct kcmreq req;
++    struct kcm_cache_data *data = cache->data;
+ 
+     kcmreq_init(&req, KCM_OP_GET_PRINCIPAL, cache);
+     ret = cache_call(context, cache, &req, FALSE);
+     /* Heimdal KCM can respond with code 0 and no principal. */
+     if (!ret && req.reply.len == 0)
+         ret = KRB5_FCC_NOFILE;
++    if (ret == KRB5_FCC_NOFILE) {
++        k5_setmsg(context, ret, _("Credentials cache 'KCM:%s' not found"),
++                  data->residual);
++    }
++
+     if (!ret)
+         ret = k5_unmarshal_princ(req.reply.ptr, req.reply.len, 4, princ_out);
+     kcmreq_free(&req);

krb5.spec

@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.16
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 24%{?dist}
+Release: 25%{?dist}
 
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@@ -94,6 +94,9 @@ Patch67: Return-UPN-SANs-as-strings.patch
 Patch68: Restrict-pre-authentication-fallback-cases.patch
 Patch69: Merge-duplicate-subsections-in-profile-library.patch
 Patch70: Fix-KDC-null-dereference-on-large-TGS-replies.patch
+Patch71: Check-for-zero-argc-in-ksu.patch
+Patch72: Move-zero-argc-check-earlier-in-ksu.patch
+Patch73: Set-error-message-on-KCM-get_princ-failure.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -745,6 +748,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Mon Apr 30 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-25
+- Set error message on KCM get_princ failure
+
 * Tue Apr 24 2018 Robbie Harwood <rharwood@redhat.com> - 1.16-24
 - Fix KDC null dereference on large TGS replies