author | Nalin Dahyabhai <nalin@redhat.com> | 2010-10-05 15:29:44 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2010-10-05 15:29:44 -0400 |
commit | 561f1591fb4ffdffa520dd11eac52a1bffd6a47a (patch) | |
tree | b4c7efef6b88edb4ce578c6993739038be956169 | |
parent | 62900e26801bc06e9e7c3ac69e2880f62c09c7c4 (diff) | |
- incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335) krb5-1.8.2-6.fc14
-rw-r--r-- | krb5-1.8.x-authdata.patch | 34 | ||||
-rw-r--r-- | krb5.spec | 8 |
2 files changed, 41 insertions, 1 deletions
diff --git a/krb5-1.8.x-authdata.patch b/krb5-1.8.x-authdata.patch
new file mode 100644
index 0000000..a5bce28
--- /dev/null
+++ b/krb5-1.8.x-authdata.patch
@@ -0,0 +1,34 @@
+Candidate fix for CVE-2010-1322.
+
+diff -up krb5/src/kdc/kdc_authdata.c krb5/src/kdc/kdc_authdata.c
+--- krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:55.196827943 -0400
++++ krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:58.282828001 -0400
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+ krb5_boolean copy,
+ krb5_boolean ignore_kdc_issued)
+ {
+- size_t i, nadata = 0;
++ size_t i, j, nadata = 0;
+ krb5_authdata **authdata = *out_authdata;
+
+ if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+ in_authdata = tmp;
+ }
+
+- for (i = 0; in_authdata[i] != NULL; i++) {
++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+ if (ignore_kdc_issued &&
+ is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+ free(in_authdata[i]->contents);
+ free(in_authdata[i]);
+ } else
+- authdata[nadata + i] = in_authdata[i];
++ authdata[nadata + j++] = in_authdata[i];
+ }
+
+- authdata[nadata + i] = NULL;
++ authdata[nadata + j] = NULL;
+
+ free(in_authdata);
+
@@ -5,7 +5,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.8.2 -Release: 5%{?dist} +Release: 6%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar Source0: krb5-%{version}.tar.gz
@@ -54,6 +54,7 @@ Patch75: krb5-trunk-explife.patch Patch76: krb5-trunk-key_usage.patch Patch77: krb5-trunk-signed.patch Patch78: krb5-trunk-k5login.patch +Patch79: krb5-1.8.x-authdata.patch License: MIT URL: http://web.mit.edu/kerberos/www/
@@ -198,6 +199,7 @@ ln -s NOTICE LICENSE %patch76 -p0 -b .key_usage %patch77 -p0 -b .signed %patch78 -p1 -b .k5login +%patch79 -p1 -b .authdata gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
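Review bot: The compaction loop in the embedded kdc_authdata.c change (`for (i = 0, j = 0; ...)`) now carries two indices with no comment explaining them, and that distinction is the entire CVE-2010-1322 fix: with a single index, every skipped KDC-issued element left an unwritten slot in `authdata` ahead of the NULL terminator. I would add `/* i walks in_authdata; j counts the entries kept, so authdata stays dense up to its NULL terminator */` above the loop and brace the `else` branch to match the `if`. merge_authdata begins and ends outside the hunk, so the allocation that sizes `authdata` is not visible; the write at `nadata + j` looks bounded only because j can never exceed i, which is worth stating in the same comment. The patch header still reads `Candidate fix for CVE-2010-1322.` with no upstream reference, so recording the upstream revision or advisory there would let a later rebase confirm the packaged patch matches the final upstream fix.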
@@ -649,6 +651,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Tue Oct 5 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-6 +- incorporate upstream patch to fix uninitialized pointer crash in the KDC's + authorization data handling (CVE-2010-1322, #636335) + * Tue Oct 5 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-5 - pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423) |