6576f38483
Tue Aug 31 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-7 - rebuild Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6 - rebuild Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5 - incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644, CAN-2004-0772 Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4 - rebuild Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3 - incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772 (MITKRB5-SA-2004-002, #130732) - incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)
Index: src/clients/klist/klist.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/clients/klist/klist.c,v
|
|
retrieving revision 5.63
|
|
diff -c -r5.63 klist.c
|
|
*** src/clients/klist/klist.c 11 Apr 2002 03:21:46 -0000 5.63
|
|
--- src/clients/klist/klist.c 23 Aug 2004 03:37:26 -0000
|
|
***************
|
|
*** 614,619 ****
|
|
--- 614,622 ----
|
|
|
|
if (show_etype) {
|
|
retval = krb5_decode_ticket(&cred->ticket, &tkt);
|
|
+ if (retval)
|
|
+ goto err_tkt;
|
|
+
|
|
if (!extra_field)
|
|
fputs("\t",stdout);
|
|
else
|
|
***************
|
|
*** 622,629 ****
|
|
etype_string(cred->keyblock.enctype));
|
|
printf("%s ",
|
|
etype_string(tkt->enc_part.enctype));
|
|
- krb5_free_ticket(kcontext, tkt);
|
|
extra_field++;
|
|
}
|
|
|
|
/* if any additional info was printed, extra_field is non-zero */
|
|
--- 625,635 ----
|
|
etype_string(cred->keyblock.enctype));
|
|
printf("%s ",
|
|
etype_string(tkt->enc_part.enctype));
|
|
extra_field++;
|
|
+
|
|
+ err_tkt:
|
|
+ if (tkt != NULL)
|
|
+ krb5_free_ticket(kcontext, tkt);
|
|
}
|
|
|
|
/* if any additional info was printed, extra_field is non-zero */
|
|
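Review bot: The `if (tkt != NULL)` guard at `err_tkt:` is only meaningful if `tkt` is NULL whenever `krb5_decode_ticket()` fails, and the declaration of `tkt` is outside this hunk. If it is declared without an initializer, a decode failure that happens before the decoder stores anything into it would pass an indeterminate pointer to `krb5_free_ticket()`. I would declare it as `krb5_ticket *tkt = NULL;` rather than depend on the decoder's error-path behaviour. The jump added in the previous hunk also skips the enctype output without any diagnostic, so a short comment at the label saying that a ticket which fails to decode is deliberately skipped would help.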
Index: src/krb524/krb524d.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/krb524/krb524d.c,v
|
|
retrieving revision 1.55.2.3
|
|
diff -c -r1.55.2.3 krb524d.c
|
|
*** src/krb524/krb524d.c 28 May 2003 04:06:31 -0000 1.55.2.3
|
|
--- src/krb524/krb524d.c 23 Aug 2004 03:37:26 -0000
|
|
***************
|
|
*** 582,589 ****
|
|
printf("v4 credentials encoded\n");
|
|
|
|
error:
|
|
! if (v5tkt->enc_part2)
|
|
krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
|
|
|
|
if(v5_service_key.contents)
|
|
krb5_free_keyblock_contents(context, &v5_service_key);
|
|
--- 582,591 ----
|
|
printf("v4 credentials encoded\n");
|
|
|
|
error:
|
|
! if (v5tkt->enc_part2) {
|
|
krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
|
|
+ v5tkt->enc_part2 = NULL;
|
|
+ }
|
|
|
|
if(v5_service_key.contents)
|
|
krb5_free_keyblock_contents(context, &v5_service_key);
|
|
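Review bot: The new `v5tkt->enc_part2 = NULL;` has no comment saying who would otherwise free the pointer again. Presumably the ticket's owner later releases `v5tkt` as a whole and would free `enc_part2` a second time; if that is the reason, say so at the assignment, e.g. `/* owner frees v5tkt later; clear enc_part2 so it is not freed twice */`. The function body and the owner of `v5tkt` are outside this hunk, so the wording should be checked against the caller.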
Index: src/lib/krb5/asn.1/asn1buf.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
|
|
retrieving revision 5.24
|
|
diff -c -r5.24 asn1buf.c
|
|
*** src/lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24
|
|
--- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:37:27 -0000
|
|
***************
|
|
*** 255,260 ****
|
|
--- 255,261 ----
|
|
(*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char));
|
|
if ((*code)->data == NULL) {
|
|
free(*code);
|
|
+ *code = NULL;
|
|
return ENOMEM;
|
|
}
|
|
for(i=0; i < (*code)->length; i++)
|
|
Index: src/lib/krb5/asn.1/krb5_decode.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/krb5_decode.c,v
|
|
retrieving revision 5.40.2.5
|
|
diff -c -r5.40.2.5 krb5_decode.c
|
|
*** src/lib/krb5/asn.1/krb5_decode.c 10 Oct 2003 23:57:38 -0000 5.40.2.5
|
|
--- src/lib/krb5/asn.1/krb5_decode.c 23 Aug 2004 03:37:27 -0000
|
|
***************
|
|
*** 183,190 ****
|
|
#define cleanup(cleanup_routine)\
|
|
return 0; \
|
|
error_out: \
|
|
! if (rep && *rep) \
|
|
cleanup_routine(*rep); \
|
|
return retval;
|
|
|
|
#define cleanup_none()\
|
|
--- 183,192 ----
|
|
#define cleanup(cleanup_routine)\
|
|
return 0; \
|
|
error_out: \
|
|
! if (rep && *rep) { \
|
|
cleanup_routine(*rep); \
|
|
+ *rep = NULL; \
|
|
+ } \
|
|
return retval;
|
|
|
|
#define cleanup_none()\
|
|
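Review bot: In `cleanup()`, `*rep = NULL;` runs only when `*rep` was already non-NULL, so a failure before the structure is allocated leaves `*rep` holding whatever the caller passed in. Callers touched by this same patch test the output pointer after a failed decode (the `tkt != NULL` check in klist.c) or pass a caller-owned `repl` (rd_rep.c). Whether the setup macros clear `*rep` on entry is not visible here; if they do not, storing `*rep = NULL;` at the start of each decoder would make the error contract unconditional. A one-line comment on the macro stating that `*rep` is NULL on every error return would document it.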
***************
|
|
*** 233,238 ****
|
|
--- 235,241 ----
|
|
free_field(*rep,checksum);
|
|
free_field(*rep,client);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
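Review bot: This decoder spells out its own cleanup sequence instead of using `cleanup()`, so it needed its own `*rep = NULL;`, and the same line is repeated by hand in the hunks at new lines 271, 324, 408, 457, 563, 622, 677 and 723. Each copy is a place where a later edit can free the structure and forget to clear the pointer. A small macro for the shared tail, for example one expanding to `free(*rep); *rep = NULL;`, would keep the clear next to the free in one place. The decoder bodies start outside these hunks, so I have not checked whether any other decoder in the file still frees `*rep` without clearing it.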
***************
|
|
*** 254,260 ****
|
|
{ begin_structure();
|
|
{ krb5_kvno kvno;
|
|
get_field(kvno,0,asn1_decode_kvno);
|
|
! if(kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO;
|
|
}
|
|
alloc_field((*rep)->server,krb5_principal_data);
|
|
get_field((*rep)->server,1,asn1_decode_realm);
|
|
--- 257,263 ----
|
|
{ begin_structure();
|
|
{ krb5_kvno kvno;
|
|
get_field(kvno,0,asn1_decode_kvno);
|
|
! if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO);
|
|
}
|
|
alloc_field((*rep)->server,krb5_principal_data);
|
|
get_field((*rep)->server,1,asn1_decode_realm);
|
|
***************
|
|
*** 268,273 ****
|
|
--- 271,277 ----
|
|
if (rep && *rep) {
|
|
free_field(*rep,server);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 320,325 ****
|
|
--- 324,330 ----
|
|
free_field(*rep,session);
|
|
free_field(*rep,client);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 403,408 ****
|
|
--- 408,414 ----
|
|
if (rep && *rep) {
|
|
free_field(*rep,ticket);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 451,456 ****
|
|
--- 457,463 ----
|
|
if (rep && *rep) {
|
|
free_field(*rep,subkey);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 556,561 ****
|
|
--- 563,569 ----
|
|
if (rep && *rep) {
|
|
free_field(*rep,checksum);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 614,619 ****
|
|
--- 622,628 ----
|
|
free_field(*rep,r_address);
|
|
free_field(*rep,s_address);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 668,673 ****
|
|
--- 677,683 ----
|
|
free_field(*rep,r_address);
|
|
free_field(*rep,s_address);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
***************
|
|
*** 713,718 ****
|
|
--- 723,729 ----
|
|
free_field(*rep,server);
|
|
free_field(*rep,client);
|
|
free(*rep);
|
|
+ *rep = NULL;
|
|
}
|
|
return retval;
|
|
}
|
|
Index: src/lib/krb5/krb/rd_rep.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_rep.c,v
|
|
retrieving revision 5.33.2.2
|
|
diff -c -r5.33.2.2 rd_rep.c
|
|
*** src/lib/krb5/krb/rd_rep.c 14 Jun 2003 00:09:47 -0000 5.33.2.2
|
|
--- src/lib/krb5/krb/rd_rep.c 23 Aug 2004 03:37:27 -0000
|
|
***************
|
|
*** 71,76 ****
|
|
--- 71,78 ----
|
|
|
|
/* now decode the decrypted stuff */
|
|
retval = decode_krb5_ap_rep_enc_part(&scratch, repl);
|
|
+ if (retval)
|
|
+ goto clean_scratch;
|
|
|
|
/* Check reply fields */
|
|
if (((*repl)->ctime != auth_context->authentp->ctime) ||
|
|
Index: src/lib/krb5/krb/send_tgs.c
|
|
===================================================================
|
|
RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/send_tgs.c,v
|
|
retrieving revision 5.55.2.1
|
|
diff -c -r5.55.2.1 send_tgs.c
|
|
*** src/lib/krb5/krb/send_tgs.c 13 May 2004 19:27:59 -0000 5.55.2.1
|
|
--- src/lib/krb5/krb/send_tgs.c 23 Aug 2004 03:37:27 -0000
|
|
***************
|
|
*** 269,274 ****
|
|
--- 269,276 ----
|
|
if (!tcp_only) {
|
|
krb5_error *err_reply;
|
|
retval = decode_krb5_error(&rep->response, &err_reply);
|
|
+ if (retval)
|
|
+ goto send_tgs_error_3;
|
|
if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
|
|
tcp_only = 1;
|
|
krb5_free_error(context, err_reply);
|
|
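Review bot: After `goto send_tgs_error_3;` the label added in the next hunk is only an empty statement at the end of the `if (!tcp_only)` block, so `retval` still holds the decoder's error while execution continues to `rep->message_type = KRB5_ERROR;`. Whether the function later returns that `retval` or overwrites it is outside the hunk; a comment at the label should state which is intended. The numbered label also reads like a function-level cleanup target; wrapping the `err_reply` handling in `if (retval == 0) { ... }` would avoid both the label and the bare `;`.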
***************
|
|
*** 277,282 ****
|
|
--- 279,286 ----
|
|
goto send_again;
|
|
}
|
|
krb5_free_error(context, err_reply);
|
|
+ send_tgs_error_3:
|
|
+ ;
|
|
}
|
|
rep->message_type = KRB5_ERROR;
|
|
} else if (krb5_is_tgs_rep(&rep->response))
|