[krb5/f15/master] - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (CVE
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Mar 15 18:18:13 UTC 2011
commit 8d6d671baaf53d4f4579b6094254ab0c62d02b28
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Mar 15 14:17:57 2011 -0400
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325)
2011-003-patch.txt | 13 +++++++++++++
krb5.spec | 8 +++++++-
2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/2011-003-patch.txt b/2011-003-patch.txt
new file mode 100644
index 0000000..c977275
--- /dev/null
+++ b/2011-003-patch.txt
@@ -0,0 +1,13 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 46b5fa1..464cb6e 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
+ pad->contents = td[size]->data;
+ pad->length = td[size]->length;
+ pa[size] = pad;
++ td[size]->data = NULL;
++ td[size]->length = 0;
+ }
+ krb5_free_typed_data(kdc_context, td);
+ }
diff --git a/krb5.spec b/krb5.spec
index 5d63110..1275285 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -6,7 +6,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.9
-Release: 5%{?dist}
+Release: 6%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -51,6 +51,7 @@ Patch71: krb5-1.9-dirsrv-accountlock.patch
Patch72: krb5-pkinit-cms2.patch
Patch73: http://web.mit.edu/kerberos/advisories/2011-001-patch.txt
Patch74: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
+Patch75: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -190,6 +191,7 @@ ln -s NOTICE LICENSE
%patch72 -p1 -b .pkinit_cms2
%patch73 -p1 -b .2011-001
%patch74 -p1 -b .2011-002
+%patch75 -p1 -b .2011-003
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -648,6 +650,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Tue Mar 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9-6
+- add revised upstream patch to fix double-free in KDC while returning
+ typed-data with errors (CVE-2011-0284, #674325)
+
* Wed Feb 9 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9-5
- krb5kdc init script: prototype some changes to do a quick spot-check
of the TGS and kadmind keys and warn if there aren't any non-weak keys
More information about the scm-commits
mailing list