diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-03 16:09:49 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-03-03 16:09:49 +0000 |
| commit | 85f351a3886ff1e5eec77973d696fda5f7e55eb8 (patch) | |
| tree | 31374a9446dd8f65c0c9debcbb50d3f6dcdb4225 | |
| parent | ab8504508b599daa16658d9bb48a90b22155b875 (diff) | |
| download | krb5-85f351a3886ff1e5eec77973d696fda5f7e55eb8.tar.gz krb5-85f351a3886ff1e5eec77973d696fda5f7e55eb8.tar.xz krb5-85f351a3886ff1e5eec77973d696fda5f7e55eb8.zip | |
- fix a null pointer dereference and crash introduced in our PAM patch thatkrb5-1_7_1-5_fc13
would happen if ftpd was given the name of a user who wasn't known to
the local system, limited to being triggerable by gssapi-authenticated
clients by the default xinetd config (Olivier Fourdan, #569472)
| -rw-r--r-- | krb5-1.7-pam.patch | 6 | ||||
| -rw-r--r-- | krb5.spec | 8 |
2 files changed, 10 insertions, 4 deletions
diff --git a/krb5-1.7-pam.patch b/krb5-1.7-pam.patch index 6e5a6f7..33331da 100644 --- a/krb5-1.7-pam.patch +++ b/krb5-1.7-pam.patch @@ -937,7 +937,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd +#ifdef USE_PAM + if (appl_pam_enabled(kcontext, "ftpd")) { + if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0, -+ pw->pw_name, "", ++ name, "", + hostname, + NULL, + FTP_PAM_SERVICE) != 0) { @@ -971,7 +971,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd - if (pw == NULL || (!kpass(pw->pw_name, passwd) && - (want_creds || !*pw->pw_passwd || - strcmp(xpasswd, pw->pw_passwd)))) { -+ if ((pw == NULL) || ++ if ((pw == NULL) || ( +#ifdef USE_PAM + appl_pam_enabled(kcontext, "ftpd") ? + (appl_pam_authenticate(FTP_PAM_SERVICE, 0, @@ -983,7 +983,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/ftpd.c krb5-1.7/src/appl/gssftp/ftpd/ftpd + (!kpass(pw->pw_name, passwd) && + (want_creds || + !*pw->pw_passwd || -+ strcmp(xpasswd, pw->pw_passwd)))) { ++ strcmp(xpasswd, pw->pw_passwd))))) { pw = NULL; sleep(5); if (++login_attempts >= 3) { @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7.1 -Release: 4%{?dist} +Release: 5%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -224,6 +224,12 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Wed Mar 3 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-5 +- fix a null pointer dereference and crash introduced in our PAM patch that + would happen if ftpd was given the name of a user who wasn't known to the + local system, limited to being triggerable by gssapi-authenticated clients by + the default xinetd config (Olivier Fourdan, #569472) + * Tue Mar 2 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-4 - fix a regression (not labeling a kdb database lock file correctly, #569902) |