authorNalin Dahyabhai <nalin@redhat.com>2014-08-15 15:02:04 -0400
committerNalin Dahyabhai <nalin@redhat.com>2014-08-15 15:02:04 -0400
commit7880fca0ad3fe45d262f8caf211f13716ed2870a (patch)
tree7b6fe6af6e72f6c28ffede4fb58ffe76383aa7e9
parentb234a3d33449c94f1fe00c752fe037bb7700ec9d (diff)
drop patch for CVE-2014-4344, included in 1.12.2
-rw-r--r--krb5-gssapi-spnego-deref.patch44
-rw-r--r--krb5.spec3
2 files changed, 1 insertions, 46 deletions
diff --git a/krb5-gssapi-spnego-deref.patch b/krb5-gssapi-spnego-deref.patch
deleted file mode 100644
index b529d03..0000000
--- a/krb5-gssapi-spnego-deref.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-commit 524688ce87a15fc75f87efc8c039ba4c7d5c197b
-Author: Greg Hudson <ghudson@mit.edu>
-Date: Tue Jul 15 12:56:01 2014 -0400
-
- Fix null deref in SPNEGO acceptor [CVE-2014-4344]
-
- When processing a continuation token, acc_ctx_cont was dereferencing
- the initial byte of the token without checking the length. This could
- result in a null dereference.
-
- CVE-2014-4344:
-
- In MIT krb5 1.5 and newer, an unauthenticated or partially
- authenticated remote attacker can cause a NULL dereference and
- application crash during a SPNEGO negotiation by sending an empty
- token as the second or later context token from initiator to acceptor.
- The attacker must provide at least one valid context token in the
- security context negotiation before sending the empty token. This can
- be done by an unauthenticated attacker by forcing SPNEGO to
- renegotiate the underlying mechanism, or by using IAKERB to wrap an
- unauthenticated AS-REQ as the first token.
-
- CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
- [kaduk@mit.edu: CVE summary, CVSSv2 vector]
-
- ticket: 7970 (new)
- subject: NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344]
- target_version: 1.12.2
- tags: pullup
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 8f829d8..2aa6810 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -1468,7 +1468,7 @@ acc_ctx_cont(OM_uint32 *minstat,
-
- ptr = bufstart = buf->value;
- #define REMAIN (buf->length - (ptr - bufstart))
-- if (REMAIN > INT_MAX)
-+ if (REMAIN == 0 || REMAIN > INT_MAX)
- return GSS_S_DEFECTIVE_TOKEN;
-
- /*
diff --git a/krb5.spec b/krb5.spec
index 5734700..0e7c740 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -98,7 +98,6 @@ Patch139: krb5-master-rcache-acquirecred-source.patch
Patch141: krb5-master-rcache-acquirecred-test.patch
Patch142: krb5-master-move-otp-sockets.patch
Patch145: krb5-master-mechd.patch
-Patch149: krb5-gssapi-spnego-deref.patch
Patch150: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
Patch151: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
Patch201: 0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch
@@ -348,7 +347,6 @@ ln -s NOTICE LICENSE
%patch141 -p1 -b .rcache-acquirecred-test
%patch142 -p1 -b .move-otp-sockets
%patch145 -p1 -b .master-mechd
-%patch149 -p1 -b .gssapi-spnego-deref
%patch150 -p1 -b .2014-001
# Take the execute bit off of documentation.
@@ -1037,6 +1035,7 @@ exit 0
- drop patch for RT#7926, fixed in 1.12.2
- drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
- drop patch for CVE-2014-4343, included in 1.12.2
+ - drop patch for CVE-2014-4344, included in 1.12.2
- replace older proposed changes for ksu with backports of the changes
after review and merging upstream (#1015559, #1026099, #1118347)