From 49317b192b9f29145a427dc7de21faf0aa1a3baf Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Thu, 7 Aug 2014 19:31:10 -0400
Subject: fix MITKRB5-SA-2014-001 (CVE-2014-4345)

- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
---
 2014-001-patch.txt     |  14 ++++++++++++++
 2014-001-patch.txt.asc | Bin 0 -> 419 bytes
 krb5.spec              |  10 +++++++++-
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 2014-001-patch.txt
 create mode 100644 2014-001-patch.txt.asc

diff --git a/2014-001-patch.txt b/2014-001-patch.txt
new file mode 100644
index 0000000..19ea866
--- /dev/null
+++ b/2014-001-patch.txt
@@ -0,0 +1,14 @@
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index ce851ea..df5934c 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
+             j++;
+             last = i + 1;
+
+-            currkvno = key_data[i].key_data_kvno;
++            if (i < n_key_data - 1)
++                currkvno = key_data[i + 1].key_data_kvno;
+         }
+     }
+     ret[num_versions] = NULL;
diff --git a/2014-001-patch.txt.asc b/2014-001-patch.txt.asc
new file mode 100644
index 0000000..adefc75
Binary files /dev/null and b/2014-001-patch.txt.asc differ
diff --git a/krb5.spec b/krb5.spec
index fddf365..19a0dac 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.5
-Release: 10%{?dist}
+Release: 11%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -130,6 +130,9 @@ Patch163: krb5-1.11-CVE-2014-4341_4342-tests.patch
 Patch164: krb5-gssapi-mech-doublefree.patch
 Patch165: krb5-gssapi-spnego-deref.patch
 
+Patch166: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
+Patch167: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
+
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
 Patch202: krb5-1.11.2-otp.patch
@@ -419,6 +422,8 @@ ln -s NOTICE LICENSE
 %patch164 -p1 -b .gssapi-mech-doublefree
 %patch165 -p1 -b .gssapi-spnego-deref
 
+%patch166 -p1 -b .2014-001
+
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
 %patch203 -p1 -b .otp2
@@ -1091,6 +1096,9 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Thu Aug  7 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.5-11
+- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
+
 * Mon Jul 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.5-10
 - gssapi: pull in upstream fix for a possible NULL dereference
   in spnego (CVE-2014-4344)
-- 
cgit