switch to the final patch

author: Nalin Dahyabhai <nalin@redhat.com> 2010-11-30 14:17:42 -0500
committer: Nalin Dahyabhai <nalin@redhat.com> 2010-11-30 14:17:42 -0500
commit: 4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e (patch)
tree: 907c4203ac5033ed4993a85dc33f5acf7699b41c
parent: c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a (diff)
download: krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.tar.gz
krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.tar.xz
krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.zip
2 files changed, 41 insertions, 41 deletions
diff --git a/krb5-1.7-MITKRB5SA-2010-007.patch b/2010-007-patch-r17.txt
index 9be516f..0060820 100644
--- a/krb5-1.7-MITKRB5SA-2010-007.patch
+++ b/2010-007-patch-r17.txt
@@ -1,7 +1,7 @@
 Index: krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c
 ===================================================================
---- krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c    (revision 24455)
-+++ krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c    (working copy)
+--- krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c	(revision 24455)
++++ krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c	(working copy)
 @@ -664,8 +664,7 @@
      krb5_reply_key_pack *key_pack = NULL;
      krb5_reply_key_pack_draft9 *key_pack9 = NULL;
@@ -21,26 +21,26 @@ Index: krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c
 -		encrypting_key->enctype, &num_types, &cksum_types);
 -	    if (retval)
 -		goto cleanup;
-+	    switch (encrypting_key->enctype) {
-+	    case ENCTYPE_DES_CBC_MD4:
-+		cksum_type = CKSUMTYPE_RSA_MD4_DES;
-+		break;
-+	    case ENCTYPE_DES_CBC_MD5:
-+	    case ENCTYPE_DES_CBC_CRC:
-+		cksum_type = CKSUMTYPE_RSA_MD5_DES;
-+		break;
-+	    default:
-+		retval = krb5int_c_mandatory_cksumtype(context,
-+						       encrypting_key->enctype,
-+						       &cksum_type);
-+		if (retval)
-+		    goto cleanup;
-+		break;
-+	    }
++            switch (encrypting_key->enctype) {
++            case ENCTYPE_DES_CBC_MD4:
++                cksum_type = CKSUMTYPE_RSA_MD4_DES;
++                break;
++            case ENCTYPE_DES_CBC_MD5:
++            case ENCTYPE_DES_CBC_CRC:
++                cksum_type = CKSUMTYPE_RSA_MD5_DES;
++                break;
++            default:
++                retval = krb5int_c_mandatory_cksumtype(context,
++                                                       encrypting_key->enctype,
++                                                       &cksum_type);
++                if (retval)
++                    goto cleanup;
++                break;
++            }
  
 -	    /* pick the first of acceptable enctypes for the checksum */
 -	    retval = krb5_c_make_checksum(context, cksum_types[0],
-+	    retval = krb5_c_make_checksum(context, cksum_type,
++            retval = krb5_c_make_checksum(context, cksum_type,
  		    encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
  		    req_pkt, &key_pack->asChecksum);
  	    if (retval) {
@@ -55,20 +55,20 @@ Index: krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c
  	case KRB5_PADATA_PK_AS_REQ:
 Index: krb5-1.7/src/lib/crypto/keyed_checksum_types.c
 ===================================================================
---- krb5-1.7/src/lib/crypto/keyed_checksum_types.c      (revision 24455)
-+++ krb5-1.7/src/lib/crypto/keyed_checksum_types.c      (working copy)
+--- krb5-1.7/src/lib/crypto/keyed_checksum_types.c	(revision 24455)
++++ krb5-1.7/src/lib/crypto/keyed_checksum_types.c	(working copy)
 @@ -51,6 +51,16 @@
  {
      unsigned int i, c;
  
 +    if (enctype == ENCTYPE_ARCFOUR_HMAC ||
-+       enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-+       *count = 2;
-+       if ((*cksumtypes = malloc(2*sizeof(krb5_cksumtype))) == NULL)
-+           return(ENOMEM);
-+       (*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-+       (*cksumtypes)[1] = CKSUMTYPE_MD5_HMAC_ARCFOUR;
-+       return(0);
++	enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
++	*count = 2;
++	if ((*cksumtypes = malloc(2*sizeof(krb5_cksumtype))) == NULL)
++	    return(ENOMEM);
++	(*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
++	(*cksumtypes)[1] = CKSUMTYPE_MD5_HMAC_ARCFOUR;
++	return(0);
 +    }
 +
      c = 0;
@@ -76,8 +76,8 @@ Index: krb5-1.7/src/lib/crypto/keyed_checksum_types.c
  	if ((krb5_cksumtypes_list[i].keyhash &&
 Index: krb5-1.7/src/lib/crypto/dk/derive.c
 ===================================================================
---- krb5-1.7/src/lib/crypto/dk/derive.c (revision 24455)
-+++ krb5-1.7/src/lib/crypto/dk/derive.c (working copy)
+--- krb5-1.7/src/lib/crypto/dk/derive.c	(revision 24455)
++++ krb5-1.7/src/lib/crypto/dk/derive.c	(working copy)
 @@ -40,6 +40,8 @@
      keybytes = enc->keybytes;
      keylength = enc->keylength;
@@ -89,8 +89,8 @@ Index: krb5-1.7/src/lib/crypto/dk/derive.c
  	return(KRB5_CRYPTO_INTERNAL);
 Index: krb5-1.7/src/lib/gssapi/krb5/util_crypt.c
 ===================================================================
---- krb5-1.7/src/lib/gssapi/krb5/util_crypt.c   (revision 24455)
-+++ krb5-1.7/src/lib/gssapi/krb5/util_crypt.c   (working copy)
+--- krb5-1.7/src/lib/gssapi/krb5/util_crypt.c	(revision 24455)
++++ krb5-1.7/src/lib/gssapi/krb5/util_crypt.c	(working copy)
 @@ -109,10 +109,22 @@
      if (code != 0)
          return code;
@@ -120,8 +120,8 @@ Index: krb5-1.7/src/lib/gssapi/krb5/util_crypt.c
      case ENCTYPE_DES_CBC_MD5:
 Index: krb5-1.7/src/lib/krb5/krb/pac.c
 ===================================================================
---- krb5-1.7/src/lib/krb5/krb/pac.c     (revision 24455)
-+++ krb5-1.7/src/lib/krb5/krb/pac.c     (working copy)
+--- krb5-1.7/src/lib/krb5/krb/pac.c	(revision 24455)
++++ krb5-1.7/src/lib/krb5/krb/pac.c	(working copy)
 @@ -524,6 +524,8 @@
      checksum.checksum_type = load_32_le(p);
      checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH;
@@ -133,16 +133,16 @@ Index: krb5-1.7/src/lib/krb5/krb/pac.c
      pac_data.data = malloc(pac->data.length);
 Index: krb5-1.7/src/lib/krb5/krb/preauth2.c
 ===================================================================
---- krb5-1.7/src/lib/krb5/krb/preauth2.c        (revision 24455)
-+++ krb5-1.7/src/lib/krb5/krb/preauth2.c        (working copy)
+--- krb5-1.7/src/lib/krb5/krb/preauth2.c	(revision 24455)
++++ krb5-1.7/src/lib/krb5/krb/preauth2.c	(working copy)
 @@ -1579,7 +1579,9 @@
  
     cksum = sc2->sam_cksum;
     
 -   while (*cksum) {
 +   for (; *cksum; cksum++) {
-+	if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
-+	    continue;
++        if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
++            continue;
  	/* Check this cksum */
  	retval = krb5_c_verify_checksum(context, as_key,
  			KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@ -156,8 +156,8 @@ Index: krb5-1.7/src/lib/krb5/krb/preauth2.c
     if (!valid_cksum) {
 Index: krb5-1.7/src/lib/krb5/krb/mk_safe.c
 ===================================================================
---- krb5-1.7/src/lib/krb5/krb/mk_safe.c (revision 24455)
-+++ krb5-1.7/src/lib/krb5/krb/mk_safe.c (working copy)
+--- krb5-1.7/src/lib/krb5/krb/mk_safe.c	(revision 24455)
++++ krb5-1.7/src/lib/krb5/krb/mk_safe.c	(working copy)
 @@ -213,10 +213,29 @@
  	for (i = 0; i < nsumtypes; i++)
  		if (auth_context->safe_cksumtype == sumtypes[i])
diff --git a/krb5.spec b/krb5.spec
index f3da880..79ca3f8 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -91,7 +91,7 @@ Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
 Patch102: krb5-CVE-2010-1321-1.7.1.patch
 Patch103: krb5-1.7.1-24139.patch
 Patch104: krb5-1.7.1-explife.patch
-Patch105: krb5-1.7-MITKRB5SA-2010-007.patch
+Patch105: http://web.mit.edu/kerberos/advisories/2010-007-patch-r17.txt
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
author	Nalin Dahyabhai <nalin@redhat.com>	2010-11-30 14:17:42 -0500
committer	Nalin Dahyabhai <nalin@redhat.com>	2010-11-30 14:17:42 -0500
commit	4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e (patch)
tree	907c4203ac5033ed4993a85dc33f5acf7699b41c
parent	c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a (diff)
download	krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.tar.gz krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.tar.xz krb5-4ea64b866f2bb14ecf69282d9cd6bfc3db1d566e.zip