- libgssapi_krb5: properly export the acceptor subkey when creating a lucid

context (Kevin Coffman, via the nfs4 mailing list)
This commit is contained in:
Nalin Dahyabhai 2008-04-01 20:53:54 +00:00
parent 7668599d1d
commit ddde7d0f6e
2 changed files with 19 additions and 0 deletions

View File

@ -0,0 +1,13 @@
From Kevin Coffman, via the nfs4 mailing list.
diff -up src/lib/gssapi/krb5/lucid_context.c ./src/lib/gssapi/krb5/lucid_context.c
--- src/lib/gssapi/krb5/lucid_context.c 2008-04-01 16:28:11.000000000 -0400
+++ src/lib/gssapi/krb5/lucid_context.c 2008-04-01 16:28:01.000000000 -0400
@@ -231,7 +231,7 @@ make_external_lucid_ctx_v1(
&lctx->cfx_kd.ctx_key)))
goto error_out;
if (gctx->have_acceptor_subkey) {
- if ((retval = copy_keyblock_to_lucid_key(gctx->enc,
+ if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
&lctx->cfx_kd.acceptor_subkey)))
goto error_out;
lctx->cfx_kd.have_acceptor_subkey = 1;

View File

@ -100,6 +100,7 @@ Patch74: krb5-CVE-2008-0062,0063.patch
Patch75: krb5-CVE-2008-0947.patch Patch75: krb5-CVE-2008-0947.patch
Patch76: krb5-CVE-2007-5901.patch Patch76: krb5-CVE-2007-5901.patch
Patch77: krb5-CVE-2007-5971.patch Patch77: krb5-CVE-2007-5971.patch
Patch78: krb5-1.6.3-lucid-acceptor.patch
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -230,6 +231,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%changelog %changelog
* Tue Apr 1 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-11
- libgssapi_krb5: properly export the acceptor subkey when creating a lucid
context (Kevin Coffman, via the nfs4 mailing list)
* Tue Mar 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-10 * Tue Mar 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-10
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
@ -1349,6 +1354,7 @@ popd
%patch75 -p0 -b .2008-0947 %patch75 -p0 -b .2008-0947
%patch76 -p0 -b .2007-5901 %patch76 -p0 -b .2007-5901
%patch77 -p0 -b .2007-5971 %patch77 -p0 -b .2007-5971
%patch78 -p0 -b .lucid_acceptor
cp src/krb524/README README.krb524 cp src/krb524/README README.krb524
gzip doc/*.ps gzip doc/*.ps