[krb5/f14/master] - incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data hand
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Oct 5 19:30:59 UTC 2010
commit 561f1591fb4ffdffa520dd11eac52a1bffd6a47a
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Oct 5 15:29:44 2010 -0400
- incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335)
krb5-1.8.x-authdata.patch | 34 ++++++++++++++++++++++++++++++++++
krb5.spec | 8 +++++++-
2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/krb5-1.8.x-authdata.patch b/krb5-1.8.x-authdata.patch
new file mode 100644
index 0000000..a5bce28
--- /dev/null
+++ b/krb5-1.8.x-authdata.patch
@@ -0,0 +1,34 @@
+Candidate fix for CVE-2010-1322.
+
+diff -up krb5/src/kdc/kdc_authdata.c krb5/src/kdc/kdc_authdata.c
+--- krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:55.196827943 -0400
++++ krb5/src/kdc/kdc_authdata.c 2010-09-22 16:01:58.282828001 -0400
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+ krb5_boolean copy,
+ krb5_boolean ignore_kdc_issued)
+ {
+- size_t i, nadata = 0;
++ size_t i, j, nadata = 0;
+ krb5_authdata **authdata = *out_authdata;
+
+ if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+ in_authdata = tmp;
+ }
+
+- for (i = 0; in_authdata[i] != NULL; i++) {
++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+ if (ignore_kdc_issued &&
+ is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+ free(in_authdata[i]->contents);
+ free(in_authdata[i]);
+ } else
+- authdata[nadata + i] = in_authdata[i];
++ authdata[nadata + j++] = in_authdata[i];
+ }
+
+- authdata[nadata + i] = NULL;
++ authdata[nadata + j] = NULL;
+
+ free(in_authdata);
+
diff --git a/krb5.spec b/krb5.spec
index d649305..11e139c 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -5,7 +5,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.8.2
-Release: 5%{?dist}
+Release: 6%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -54,6 +54,7 @@ Patch75: krb5-trunk-explife.patch
Patch76: krb5-trunk-key_usage.patch
Patch77: krb5-trunk-signed.patch
Patch78: krb5-trunk-k5login.patch
+Patch79: krb5-1.8.x-authdata.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -198,6 +199,7 @@ ln -s NOTICE LICENSE
%patch76 -p0 -b .key_usage
%patch77 -p0 -b .signed
%patch78 -p1 -b .k5login
+%patch79 -p1 -b .authdata
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -649,6 +651,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Tue Oct 5 2010 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-6
+- incorporate upstream patch to fix uninitialized pointer crash in the KDC's
+ authorization data handling (CVE-2010-1322, #636335)
+
* Tue Oct 5 2010 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-5
- pull down patches from trunk to implement k5login_authoritative and
k5login_directory settings for krb5.conf (#539423)
More information about the scm-commits
mailing list