[krb5/f13/master] - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (CVE
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Mar 15 18:23:16 UTC 2011
commit dded32e20c86921913431de22b53be856d7e029f
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Mar 15 14:23:32 2011 -0400
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325)
2011-003-patch.txt | 15 +++++++++++++++
krb5.spec | 8 +++++++-
2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/2011-003-patch.txt b/2011-003-patch.txt
new file mode 100644
index 0000000..affaf97
--- /dev/null
+++ b/2011-003-patch.txt
@@ -0,0 +1,15 @@
+Upstream patch, whitespace altered to apply.
+
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 46b5fa1..464cb6e 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
+ pad->contents = td[size]->data;
+ pad->length = td[size]->length;
+ pa[size] = pad;
++ td[size]->data = NULL;
++ td[size]->length = 0;
+ }
+ krb5_free_typed_data(kdc_context, td);
+ }
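Review bot: the two added lines after `pa[size] = pad;` clear `td[size]->data` and `td[size]->length` without a comment saying that ownership of the buffer has moved to `pad->contents`. Since `krb5_free_typed_data(kdc_context, td)` follows directly, a one-line comment at that point (for example "pad now owns the data; keep krb5_free_typed_data from freeing it") would make it obvious why the fields are zeroed and guard against someone removing them as dead stores. The file header says only "Upstream patch, whitespace altered to apply."; recording the upstream revision or advisory it was taken from would let a later packager confirm the local copy still matches apart from whitespace.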
diff --git a/krb5.spec b/krb5.spec
index d8f1b37..2b6aa5c 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7.1
-Release: 17%{?dist}
+Release: 18%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -94,6 +94,7 @@ Patch104: krb5-1.7.1-explife.patch
Patch105: http://web.mit.edu/kerberos/advisories/2010-007-patch-r17.txt
Patch106: http://web.mit.edu/kerberos/advisories/2011-001-patch.txt
Patch107: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
+Patch108: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
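Review bot: `Patch108` is given as the upstream URL, but the file added in this same commit is described in its own header as "whitespace altered to apply", so what is in the package is not what that URL serves. Anyone re-fetching the source from the URL would get a patch that, by that description, does not apply as-is. Suggest a spec comment above the `Patch108:` line noting that the local copy is modified, or a local file name that does not imply a pristine upstream download.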
@@ -232,6 +233,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate.
%changelog
+* Tue Mar 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-18
+- add revised upstream patch to fix double-free in KDC while returning
+ typed-data with errors (CVE-2011-0284, #674325)
+
* Tue Feb 8 2011 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-17
- add upstream patches to fix standalone kpropd exiting if the per-client
child process exits with an error (MITKRB5-SA-2011-001), and a hang or
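Review bot: the new `%changelog` entry identifies the fix by CVE and bug number only, while the 1.7.1-17 entry directly below cites the MITKRB5-SA advisory for its patches. Adding the advisory identifier for this fix alongside `CVE-2011-0284, #674325` would keep the entries consistent and make it easier to trace `Patch108` back to its advisory.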
@@ -1678,6 +1683,7 @@ popd
%patch105 -p1 -b .2010-007
%patch106 -p1 -b .2011-001
%patch107 -p1 -b .2011-002
+%patch108 -p1 -b .2011-003
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex