rpms/krb5/F-13 2010-002-1.7-patch.txt,NONE,1.1 krb5.spec,1.244,1.245

Nalin Dahyabhai nalin at fedoraproject.org
Tue Mar 23 18:28:16 UTC 2010


Author: nalin

Update of /cvs/pkgs/rpms/krb5/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22235/F-13

Modified Files:
	krb5.spec 
Added Files:
	2010-002-1.7-patch.txt 
Log Message:
- add fix for denial-of-service in SPNEGO (CVE-2010-0628)



--- NEW FILE 2010-002-1.7-patch.txt ---
Tweaked copy of the 1.8-specific version at
http://web.mit.edu/kerberos/advisories/2010-002-patch.txt

Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c	(revision 23717)
+++ src/lib/gssapi/spnego/spnego_mech.c	(working copy)
@@ -1570,7 +1570,7 @@
 	gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
 	spnego_gss_ctx_id_t sc = NULL;
 	OM_uint32 mechstat = GSS_S_FAILURE;
-	int sendTokenInit = 0;
+	int sendTokenInit = 0, tmpret;
 
 	mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
 
@@ -1603,7 +1603,6 @@
 		if (delegated_cred_handle != NULL)
 			*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 		if (input_token->length == 0) {
-			sendTokenInit = 1;
 			ret = acc_ctx_hints(minor_status,
 					    context_handle,
 					    verifier_cred_handle,
@@ -1611,6 +1610,7 @@
 					    &return_token);
 			if (ret != GSS_S_COMPLETE)
 				goto cleanup;
+			sendTokenInit = 1;
 			ret = GSS_S_CONTINUE_NEEDED;
 		} else {
 			/* Can set negState to REQUEST_MIC */
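Review bot: The new position of `sendTokenInit = 1;` carries the fix, but nothing on the line says so, and a later tidy-up could move it back above the `acc_ctx_hints()` call. I would add a comment directly above it, e.g. `/* Set only after acc_ctx_hints() succeeds: cleanup asserts sc != NULL when this flag is set. */`. The cleanup code that consumes the flag is in a later hunk of the same function, which starts and ends outside this hunk.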
@@ -1658,29 +1658,23 @@
 				 &negState, &return_token);
 	}
 cleanup:
-	if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
-		/* For acceptor-sends-first send a tokenInit */
-		int tmpret;
-
+	if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
 		assert(sc != NULL);
-
-		if (sendTokenInit) {
-			tmpret = make_spnego_tokenInit_msg(sc,
-							   1,
-							   mic_out,
-							   0,
-							   GSS_C_NO_BUFFER,
-							   return_token,
-							   output_token);
-		} else {
-			tmpret = make_spnego_tokenTarg_msg(negState,
-							   sc ? sc->internal_mech : GSS_C_NO_OID,
-							   &mechtok_out, mic_out,
-							   return_token,
-							   output_token);
-		}
+		tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0,
+						   GSS_C_NO_BUFFER,
+						   return_token, output_token);
 		if (tmpret < 0)
 			ret = GSS_S_FAILURE;
+	} else if (return_token != NO_TOKEN_SEND &&
+		   return_token != CHECK_MIC) {
+		tmpret = make_spnego_tokenTarg_msg(negState,
+						   sc ? sc->internal_mech :
+						   GSS_C_NO_OID,
+						   &mechtok_out, mic_out,
+						   return_token,
+						   output_token);
+		if (tmpret < 0)
+			ret = GSS_S_FAILURE;
 	}
 	if (ret == GSS_S_COMPLETE) {
 		*context_handle = (gss_ctx_id_t)sc->ctx_handle;
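Review bot: The `assert(sc != NULL);` kept in the `INIT_TOKEN_SEND` branch is still the only guard before `make_spnego_tokenInit_msg(sc, ...)`, and an assert is a weak guard in an acceptor path driven by peer-supplied tokens. When it fires the whole process aborts, and in a build with `NDEBUG` it disappears and `sc` is passed on unchecked. The new conditions presumably make a NULL `sc` unreachable here, but that depends on `acc_ctx_hints()` always setting the context on success, which this patch does not show. A runtime check would turn any remaining case into a failed negotiation rather than a crash, e.g. `if (sc == NULL) ret = GSS_S_FAILURE;` with the token built only in the `else`. The same assumption sits behind `sc->ctx_handle` under `ret == GSS_S_COMPLETE` at the end of the hunk; the function starts before and continues past it.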


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-13/krb5.spec,v
retrieving revision 1.244
retrieving revision 1.245
diff -u -p -r1.244 -r1.245
--- krb5.spec	8 Mar 2010 19:41:42 -0000	1.244
+++ krb5.spec	23 Mar 2010 18:28:15 -0000	1.245
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -87,6 +87,7 @@ Patch96: krb5-1.7-exp_warn.patch
 Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt
 Patch98: krb5-1.7.1-kpasswd_ccache.patch
 Patch99: krb5-1.7.1-kpasswd_ipv6.patch
+Patch100: 2010-002-1.7-patch.txt
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -225,6 +226,9 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Tue Mar 23 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-7
+- add fix for denial-of-service in SPNEGO (CVE-2010-0628)
+
 * Mon Mar  8 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-6
 - pull up patch to get the client libraries to correctly perform password
   changes over IPv6 (Sumit Bose, RT#6661)
@@ -1609,6 +1613,7 @@ popd
 %patch97 -p1 -b .2010-001
 %patch98 -p1 -b .kpasswd-ccache
 %patch99 -p0 -b .kpasswd-ipv6
+%patch100 -p0 -b .2010-002
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex


