drop patch for CVE-2014-4343, included in 1.12.2

2 files changed, 1 insertions, 63 deletions

diff --git a/krb5-gssapi-mech-doublefree.patch b/krb5-gssapi-mech-doublefree.patch
deleted file mode 100644
index a52d541..0000000
--- a/krb5-gssapi-mech-doublefree.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit f18ddf5d82de0ab7591a36e465bc24225776940f
-Author: David Woodhouse <David.Woodhouse@intel.com>
-Date:   Tue Jul 15 12:54:15 2014 -0400
-
-    Fix double-free in SPNEGO [CVE-2014-4343]
-    
-    In commit cd7d6b08 ("Verify acceptor's mech in SPNEGO initiator") the
-    pointer sc->internal_mech became an alias into sc->mech_set->elements,
-    which should be considered constant for the duration of the SPNEGO
-    context.  So don't free it.
-    
-    CVE-2014-4343:
-    
-    In MIT krb5 releases 1.10 and newer, an unauthenticated remote
-    attacker with the ability to spoof packets appearing to be from a
-    GSSAPI acceptor can cause a double-free condition in GSSAPI initiators
-    (clients) which are using the SPNEGO mechanism, by returning a
-    different underlying mechanism than was proposed by the initiator.  At
-    this stage of the negotiation, the acceptor is unauthenticated, and
-    the acceptor's response could be spoofed by an attacker with the
-    ability to inject traffic to the initiator.
-    
-    Historically, some double-free vulnerabilities can be translated into
-    remote code execution, though the necessary exploits must be tailored
-    to the individual application and are usually quite
-    complicated. Double-frees can also be exploited to cause an
-    application crash, for a denial of service.  However, most GSSAPI
-    client applications are not vulnerable, as the SPNEGO mechanism is not
-    used by default (when GSS_C_NO_OID is passed as the mech_type argument
-    to gss_init_sec_context()).  The most common use of SPNEGO is for
-    HTTP-Negotiate, used in web browsers and other web clients.  Most such
-    clients are believed to not offer HTTP-Negotiate by default, instead
-    requiring a whitelist of sites for which it may be used to be
-    configured.  If the whitelist is configured to only allow
-    HTTP-Negotiate over TLS connections ("https://"), a successful
-    attacker must also spoof the web server's SSL certificate, due to the
-    way the WWW-Authenticate header is sent in a 401 (Unauthorized)
-    response message.  Unfortunately, many instructions for enabling
-    HTTP-Negotiate in common web browsers do not include a TLS
-    requirement.
-    
-        CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
-    
-    [kaduk@mit.edu: CVE summary and CVSSv2 vector]
-    
-    ticket: 7969 (new)
-    target_version: 1.12.2
-    tags: pullup
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 173c6d2..8f829d8 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -818,7 +818,6 @@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
- 	OM_uint32 tmpmin;
- 	size_t i;
- 
--	generic_gss_release_oid(&tmpmin, &sc->internal_mech);
- 	gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
- 			       GSS_C_NO_BUFFER);
- 
diff --git a/krb5.spec b/krb5.spec
index 6330b6c..5734700 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -98,7 +98,6 @@ Patch139: krb5-master-rcache-acquirecred-source.patch
 Patch141: krb5-master-rcache-acquirecred-test.patch
 Patch142: krb5-master-move-otp-sockets.patch
 Patch145: krb5-master-mechd.patch
-Patch148: krb5-gssapi-mech-doublefree.patch
 Patch149: krb5-gssapi-spnego-deref.patch
 Patch150: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
 Patch151: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
@@ -349,7 +348,6 @@ ln -s NOTICE LICENSE
 %patch141 -p1 -b .rcache-acquirecred-test
 %patch142 -p1 -b .move-otp-sockets
 %patch145 -p1 -b .master-mechd
-%patch148 -p1 -b .gssapi-mech-doublefree
 %patch149 -p1 -b .gssapi-spnego-deref
 %patch150 -p1 -b .2014-001
 
@@ -1038,6 +1036,7 @@ exit 0
   - drop patch for RT#7924, fixed in 1.12.2
   - drop patch for RT#7926, fixed in 1.12.2
   - drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
+  - drop patch for CVE-2014-4343, included in 1.12.2
 - replace older proposed changes for ksu with backports of the changes
   after review and merging upstream (#1015559, #1026099, #1118347)