diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-04-15 11:12:33 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-04-15 11:12:33 -0400 |
| commit | 900d5ec360a0fb3398f59990351178f85f7fcaa7 (patch) | |
| tree | 55e9f6e2a0814a357da22cbb7404f1c1397c8a2d | |
| parent | 57b592e88663b6575be28ad7afa4d4497e2279af (diff) | |
| download | krb5-900d5ec360a0fb3398f59990351178f85f7fcaa7.tar.gz krb5-900d5ec360a0fb3398f59990351178f85f7fcaa7.tar.xz krb5-900d5ec360a0fb3398f59990351178f85f7fcaa7.zip | |
keep track of the message type of FAST requestskrb5-1.10.2-11.fc17
- pull in fix for keeping track of the message type when parsing FAST
requests in the KDC (RT#7605, #951964)
| -rw-r--r-- | krb5-fast-msg_type.patch | 30 | ||||
| -rw-r--r-- | krb5.spec | 8 |
2 files changed, 37 insertions, 1 deletions
diff --git a/krb5-fast-msg_type.patch b/krb5-fast-msg_type.patch new file mode 100644 index 0000000..392860f --- /dev/null +++ b/krb5-fast-msg_type.patch @@ -0,0 +1,30 @@ +Modified to apply to 1.10.3. + +commit 3fbdcd0965180b46c545187e7784350340ae88ee +Author: Greg Hudson <ghudson@mit.edu> +Date: Fri Apr 12 16:28:14 2013 -0400 + + Set msg_type when decoding FAST requests + + An RFC 6113 KrbFastReq contains a padata sequence and a KDC-REQ-BODY, + neither of which contain the msg-type field found in a KDC-REQ. So + when we decode the FAST request, the resulting krb5_kdc_req structure + has a msg_type of 0. Copy msg_type from the outer body, since we make + use of it in further KDC processing. + + ticket: 7605 (new) + target_version: 1.11.3 + tags: pullup + +diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c +index 40c5783..4fa36c6 100644 +--- a/src/kdc/fast_util.c ++++ b/src/kdc/fast_util.c +@@ -239,6 +239,7 @@ kdc_find_fast(krb5_kdc_req **requestptr, + KRB5_PADATA_FX_COOKIE); + if (retval == 0) { + state->fast_options = fast_req->fast_options; ++ fast_req->req_body->msg_type = request->msg_type; + krb5_free_kdc_req( kdc_context, request); + *requestptr = fast_req->req_body; + fast_req->req_body = NULL; @@ -20,7 +20,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.10.2 -Release: 10%{?dist} +Release: 11%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -74,6 +74,7 @@ Patch109: krb5-1.10-pkinit-null.patch Patch110: krb5-lookup_etypes-leak.patch Patch111: krb5-1.10-pkinit-agility.patch Patch112: krb5-1.10-CVE-2013-1416.patch +Patch113: krb5-fast-msg_type.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -257,6 +258,7 @@ ln -s NOTICE LICENSE %patch110 -p1 -b .lookup_etypes-leak %patch111 -p1 -b .pkinit-agility %patch112 -p1 -b .CVE-2013-1416 +%patch113 -p1 -b .fast-msg_type rm src/lib/krb5/krb/deltat.c gzip doc/*.ps @@ -776,6 +778,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Mon Apr 15 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-11 +- pull fix for keeping track of the message type when parsing FAST requests in + the KDC (RT#7605, #951964) + * Tue Apr 9 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-10 - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #949984/#949987) |