Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 146508 Details for
Bug 212363
app-crypt/mit-krb5 < 1.6.3 MITKRB5-SA-{2008-001|2008-002} (CVE-2008-{0062,0063,0947,0948})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
1.5-MITKRB5-SA-2008-001.patch
1.5-MITKRB5-SA-2008-001.patch (text/plain), 10.76 KB, created by
Markus Ullmann (RETIRED)
on 2008-03-18 20:39:07 UTC
(
hide
)
Description:
1.5-MITKRB5-SA-2008-001.patch
Filename:
MIME Type:
Creator:
Markus Ullmann (RETIRED)
Created:
2008-03-18 20:39:07 UTC
Size:
10.76 KB
patch
obsolete
>--- src/kdc/dispatch.c (revision 20192) >+++ src/kdc/dispatch.c (working copy) >@@ -1,7 +1,7 @@ > /* > * kdc/dispatch.c > * >- * Copyright 1990 by the Massachusetts Institute of Technology. >+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology. > * > * Export of this software from the United States of America may > * require a specific license from the United States Government. >@@ -107,7 +107,7 @@ > retval = KRB5KRB_AP_ERR_MSG_TYPE; > #ifndef NOCACHE > /* put the response into the lookaside buffer */ >- if (!retval) >+ if (!retval && *response != NULL) > kdc_insert_lookaside(pkt, *response); > #endif > >--- src/kdc/kerberos_v4.c (revision 20192) >+++ src/kdc/kerberos_v4.c (working copy) >@@ -1,7 +1,7 @@ > /* > * kdc/kerberos_v4.c > * >- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute >+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute > * of Technology. > * All Rights Reserved. > * >@@ -87,11 +87,6 @@ > #define MSB_FIRST 0 /* 68000, IBM RT/PC */ > #define LSB_FIRST 1 /* Vax, PC8086 */ > >-int f; >- >-/* XXX several files in libkdb know about this */ >-char *progname; >- > #ifndef BACKWARD_COMPAT > static Key_schedule master_key_schedule; > static C_Block master_key; >@@ -143,10 +138,8 @@ > #include "com_err.h" > #include "extern.h" /* to pick up master_princ */ > >-static krb5_data *response; >- >-void kerberos_v4 (struct sockaddr_in *, KTEXT); >-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); >+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); >+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); > static int set_tgtkey (char *, krb5_kvno, krb5_boolean); > > /* Attributes converted from V5 to V4 - internal representation */ >@@ -262,12 +255,12 @@ > (void) klog(L_KRB_PERR, "V4 request too long."); > return KRB5KRB_ERR_FIELD_TOOLONG; > } >+ memset( &v4_pkt, 0, sizeof(v4_pkt)); > v4_pkt.length = pkt->length; > v4_pkt.mbz = 0; > memcpy( v4_pkt.dat, pkt->data, pkt->length); > >- kerberos_v4( &client_sockaddr, &v4_pkt); >- *resp = response; >+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt); > return(retval); > } > >@@ -300,19 +293,20 @@ > } > > static >-int krb4_sendto(int s, const char *msg, int len, int flags, >- const struct sockaddr *to, int to_len) >+krb5_data *make_response(const char *msg, int len) > { >+ krb5_data *response; >+ > if ( !(response = (krb5_data *) malloc( sizeof *response))) { >- return ENOMEM; >+ return 0; > } > if ( !(response->data = (char *) malloc( len))) { > krb5_free_data(kdc_context, response); >- return ENOMEM; >+ return 0; > } > response->length = len; > memcpy( response->data, msg, len); >- return( 0); >+ return response; > } > static void > hang(void) >@@ -586,7 +580,7 @@ > *cp = 0; > } > >-void >+static krb5_data * > kerberos_v4(struct sockaddr_in *client, KTEXT pkt) > { > static KTEXT_ST rpkt_st; >@@ -599,8 +593,8 @@ > KTEXT auth = &auth_st; > AUTH_DAT ad_st; > AUTH_DAT *ad = &ad_st; >+ krb5_data *response = 0; > >- > static struct in_addr client_host; > static int msg_byte_order; > static int swap_bytes; >@@ -637,8 +631,7 @@ > inet_ntoa(client_host)); > /* send an error reply */ > req_name_ptr = req_inst_ptr = req_realm_ptr = ""; >- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); >- return; >+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); > } > > /* check packet version */ >@@ -648,8 +641,7 @@ > KRB_PROT_VERSION, req_version, 0); > /* send an error reply */ > req_name_ptr = req_inst_ptr = req_realm_ptr = ""; >- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); >- return; >+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); > } > msg_byte_order = req_msg_type & 1; > >@@ -707,10 +699,10 @@ > > if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, > &a_name_data, &k5key, 0, &ck5life))) { >- kerb_err_reply(client, pkt, i, "check_princ failed"); >+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); > a_name_data.key_low = a_name_data.key_high = 0; > krb5_free_keyblock_contents(kdc_context, &k5key); >- return; >+ return response; > } > /* don't use k5key for client */ > krb5_free_keyblock_contents(kdc_context, &k5key); >@@ -722,11 +714,11 @@ > /* this does all the checking */ > if ((i = check_princ(service, instance, lifetime, > &s_name_data, &k5key, 1, &sk5life))) { >- kerb_err_reply(client, pkt, i, "check_princ failed"); >+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); > a_name_data.key_high = a_name_data.key_low = 0; > s_name_data.key_high = s_name_data.key_low = 0; > krb5_free_keyblock_contents(kdc_context, &k5key); >- return; >+ return response; > } > /* Bound requested lifetime with service and user */ > v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); >@@ -797,8 +789,7 @@ > rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, > req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, > a_name_data.key_version, ciph); >- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, >- (struct sockaddr *) client, S_AD_SZ); >+ response = make_response((char *) rpkt->dat, rpkt->length); > memset(&a_name_data, 0, sizeof(a_name_data)); > memset(&s_name_data, 0, sizeof(s_name_data)); > break; >@@ -824,9 +815,8 @@ > lt = klog(L_KRB_PERR, > "APPL request with realm length too long from %s", > inet_ntoa(client_host)); >- kerb_err_reply(client, pkt, RD_AP_INCON, >- "realm length too long"); >- return; >+ return kerb_err_reply(client, pkt, RD_AP_INCON, >+ "realm length too long"); > } > > auth->length += (int) *(pkt->dat + auth->length) + >@@ -835,9 +825,8 @@ > lt = klog(L_KRB_PERR, > "APPL request with funky tkt or req_id length from %s", > inet_ntoa(client_host)); >- kerb_err_reply(client, pkt, RD_AP_INCON, >- "funky tkt or req_id length"); >- return; >+ return kerb_err_reply(client, pkt, RD_AP_INCON, >+ "funky tkt or req_id length"); > } > > memcpy(auth->dat, pkt->dat, auth->length); >@@ -848,18 +837,16 @@ > if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { > lt = klog(L_ERR_UNK, > "Cross realm ticket from %s denied by policy,", tktrlm); >- kerb_err_reply(client, pkt, >- KERB_ERR_PRINCIPAL_UNKNOWN, lt); >- return; >+ return kerb_err_reply(client, pkt, >+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); > } > if (set_tgtkey(tktrlm, kvno, 0)) { >- lt = klog(L_ERR_UNK, >+ lt = klog(L_ERR_UNK, > "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", > tktrlm, kvno, inet_ntoa(client_host)); > /* no better error code */ >- kerb_err_reply(client, pkt, >- KERB_ERR_PRINCIPAL_UNKNOWN, lt); >- return; >+ return kerb_err_reply(client, pkt, >+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); > } > kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, > ad, 0); >@@ -869,9 +856,8 @@ > "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", > tktrlm, kvno, inet_ntoa(client_host)); > /* no better error code */ >- kerb_err_reply(client, pkt, >- KERB_ERR_PRINCIPAL_UNKNOWN, lt); >- return; >+ return kerb_err_reply(client, pkt, >+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); > } > kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, > ad, 0); >@@ -881,8 +867,7 @@ > klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", > inet_ntoa(client_host), krb_get_err_text(kerno)); > req_name_ptr = req_inst_ptr = req_realm_ptr = ""; >- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); >- return; >+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); > } > ptr = (char *) pkt->dat + auth->length; > >@@ -904,22 +889,21 @@ > req_realm_ptr = ad->prealm; > > if (strcmp(ad->prealm, tktrlm)) { >- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, >- "Can't hop realms"); >- return; >+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, >+ "Can't hop realms"); > } > if (!strcmp(service, "changepw")) { >- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, >- "Can't authorize password changed based on TGT"); >- return; >+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, >+ "Can't authorize password changed based on TGT"); > } > kerno = check_princ(service, instance, req_life, > &s_name_data, &k5key, 1, &sk5life); > if (kerno) { >- kerb_err_reply(client, pkt, kerno, "check_princ failed"); >+ response = kerb_err_reply(client, pkt, kerno, >+ "check_princ failed"); > s_name_data.key_high = s_name_data.key_low = 0; > krb5_free_keyblock_contents(kdc_context, &k5key); >- return; >+ return response; > } > /* Bound requested lifetime with service and user */ > v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life); >@@ -975,8 +959,7 @@ > rpkt = create_auth_reply(ad->pname, ad->pinst, > ad->prealm, time_ws, > 0, 0, 0, ciph); >- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, >- (struct sockaddr *) client, S_AD_SZ); >+ response = make_response((char *) rpkt->dat, rpkt->length); > memset(&s_name_data, 0, sizeof(s_name_data)); > break; > } >@@ -1001,6 +984,7 @@ > break; > } > } >+ return response; > } > > >@@ -1010,7 +994,7 @@ > * client. > */ > >-void >+static krb5_data * > kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) > { > static KTEXT_ST e_pkt_st; >@@ -1021,9 +1005,7 @@ > strncat(e_msg, string, sizeof(e_msg) - 1 - 19); > cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, > req_time_ws, err, e_msg); >- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0, >- (struct sockaddr *) client, S_AD_SZ); >- >+ return make_response((char *) e_pkt->dat, e_pkt->length); > } > > static int >--- src/kdc/network.c (revision 20192) >+++ src/kdc/network.c (working copy) >@@ -1,7 +1,7 @@ > /* > * kdc/network.c > * >- * Copyright 1990,2000 by the Massachusetts Institute of Technology. >+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology. > * > * Export of this software from the United States of America may > * require a specific license from the United States Government. >@@ -747,6 +747,8 @@ > com_err(prog, retval, "while dispatching (udp)"); > return; > } >+ if (response == NULL) >+ return; > cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, > (struct sockaddr *)&saddr, saddr_len); > if (cc == -1) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 212363
:
145336
|
145337
| 146508 |
146509
|
146510
|
146511
|
146512