diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-10-15 17:24:14 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-11-19 17:32:19 -0500 |
commit | 25fe69d88556ae81b5e68ce2f9a5369fe994f3a0 (patch) | |
tree | 4b8d1f07baea7c5ba333fa116fde9f8eb6f32dde | |
parent | a2e5f1f87226526cde76120db2e864a4908b3ac1 (diff) | |
download | krb5-25fe69d88556ae81b5e68ce2f9a5369fe994f3a0.tar.gz krb5-25fe69d88556ae81b5e68ce2f9a5369fe994f3a0.tar.xz krb5-25fe69d88556ae81b5e68ce2f9a5369fe994f3a0.zip |
Drop backport for RT#7643
-rw-r--r-- | krb5-1.11.2-arcfour_short.patch | 122 | ||||
-rw-r--r-- | krb5.spec | 3 |
2 files changed, 1 insertions, 124 deletions
diff --git a/krb5-1.11.2-arcfour_short.patch b/krb5-1.11.2-arcfour_short.patch deleted file mode 100644 index 2f67ae3..0000000 --- a/krb5-1.11.2-arcfour_short.patch +++ /dev/null @@ -1,122 +0,0 @@ -Needed by tests for empty-password cases. - -commit 1e123231769fe640f446442cb210664d280ccbac -Author: Greg Hudson <ghudson@mit.edu> -Date: Fri May 24 13:16:52 2013 -0400 - - Fix rc4 string-to-key on unterminated inputs - - The internal UTF-8 to UCS-2 conversion functions did not properly - respect their length arguments, instead assuming that the input string - is terminated with a zero bytes. As a result, - krb5int_arcfour_string_to_key could fail on unterminated inputs. Fix - the underlying support functions to read their inputs only up to the - specified length. - - ticket: 7643 (new) - -diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c -index d580bbc..b8bf989 100644 ---- a/src/util/support/utf8_conv.c -+++ b/src/util/support/utf8_conv.c -@@ -78,7 +78,8 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str, - - /* If input ptr is NULL or empty... */ - if (utf8str == NULL || *utf8str == '\0') { -- *ucs2str = 0; -+ if (ucs2str != NULL) -+ *ucs2str = 0; - - return 0; - } -@@ -119,9 +120,7 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str, - ucs2len++; /* Count number of wide chars stored/required */ - } - -- assert(ucs2len < count); -- -- if (ucs2str != NULL) { -+ if (ucs2str != NULL && ucs2len < count) { - /* Add null terminator if there's room in the buffer. */ - ucs2str[ucs2len] = 0; - } -@@ -172,12 +171,13 @@ krb5int_utf8cs_to_ucs2s(const char *utf8s, - return ENOMEM; - } - -- len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0); -+ len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars, 0); - if (len < 0) { - free(*ucs2s); - *ucs2s = NULL; - return EINVAL; - } -+ (*ucs2s)[chars] = 0; - - if (ucs2chars != NULL) { - *ucs2chars = chars; -@@ -223,21 +223,23 @@ krb5int_utf8cs_to_ucs2les(const char *utf8s, - { - ssize_t len; - size_t chars; -+ krb5_ucs2 *ucs2s; - -- chars = krb5int_utf8c_chars(utf8s, utf8slen); -+ *ucs2les = NULL; - -- *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2)); -- if (*ucs2les == NULL) { -+ chars = krb5int_utf8c_chars(utf8s, utf8slen); -+ ucs2s = malloc((chars + 1) * sizeof(krb5_ucs2)); -+ if (ucs2s == NULL) - return ENOMEM; -- } - -- len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1); -+ len = k5_utf8s_to_ucs2s(ucs2s, utf8s, chars, 1); - if (len < 0) { -- free(*ucs2les); -- *ucs2les = NULL; -+ free(ucs2s); - return EINVAL; - } -+ ucs2s[chars] = 0; - -+ *ucs2les = (unsigned char *)ucs2s; - if (ucs2leslen != NULL) { - *ucs2leslen = chars * sizeof(krb5_ucs2); - } -@@ -402,13 +404,14 @@ krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s, - return ENOMEM; - } - -- len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s, -- (size_t)len + 1, (ssize_t)ucs2slen, 0); -+ len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s, (size_t)len, -+ (ssize_t)ucs2slen, 0); - if (len < 0) { - free(*utf8s); - *utf8s = NULL; - return EINVAL; - } -+ (*utf8s)[len] = '\0'; - - if (utf8slen != NULL) { - *utf8slen = len; -@@ -438,13 +441,14 @@ krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les, - return ENOMEM; - } - -- len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, -- (size_t)len + 1, (ssize_t)ucs2leslen, 1); -+ len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, (size_t)len, -+ (ssize_t)ucs2leslen, 1); - if (len < 0) { - free(*utf8s); - *utf8s = NULL; - return EINVAL; - } -+ (*utf8s)[len] = '\0'; - - if (utf8slen != NULL) { - *utf8slen = len; @@ -88,7 +88,6 @@ Patch63: krb5-1.12-selinux-label.patch Patch71: krb5-1.11-dirsrv-accountlock.patch Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch -Patch124: krb5-1.11.2-arcfour_short.patch Patch125: krb5-1.11.2-skew1.patch Patch126: krb5-1.11.2-skew2.patch Patch127: krb5-master-test_gss_no_udp.patch @@ -317,7 +316,6 @@ ln -s NOTICE LICENSE %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno -%patch124 -p1 -b .arcfour_short %patch125 -p1 -b .skew1 %patch126 -p1 -b .skew2 %patch127 -p1 -b .test_gss_no_udp @@ -1029,6 +1027,7 @@ exit 0 - drop backport for RT#7598 - drop backport for RT#7172 - drop backport for RT#7642 + - drop backport for RT#7643 * Wed Oct 16 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-26 - create and own /etc/gss (#1019937) |