From 948224678079adbfcfc654a224a85b63602f775080424f510900b1811a891cd8 Mon Sep 17 00:00:00 2001
From: Michael Calmer
Date: Mon, 11 Oct 2010 08:46:56 +0000
Subject: [PATCH 1/3] - fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=27
---
 krb5-1.8-MITKRB5-SA-2010-006.dif | 33 ++++++++++++++++++++++++++++++++
 krb5-mini.changes | 7 +++++++
 krb5-mini.spec | 4 +++-
 krb5.changes | 7 +++++++
 krb5.spec | 2 ++
 5 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 krb5-1.8-MITKRB5-SA-2010-006.dif
diff --git a/krb5-1.8-MITKRB5-SA-2010-006.dif b/krb5-1.8-MITKRB5-SA-2010-006.dif
new file mode 100644
index 0000000..3f5f5bb
--- /dev/null
+++ b/krb5-1.8-MITKRB5-SA-2010-006.dif
@@ -0,0 +1,33 @@
+Index: krb5-1.8.1/src/kdc/kdc_authdata.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/kdc_authdata.c
++++ krb5-1.8.1/src/kdc/kdc_authdata.c
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+ krb5_boolean copy,
+ krb5_boolean ignore_kdc_issued)
+ {
+- size_t i, nadata = 0;
++ size_t i, j, nadata = 0;
+ krb5_authdata **authdata = *out_authdata;
+
+ if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+ in_authdata = tmp;
+ }
+
+- for (i = 0; in_authdata[i] != NULL; i++) {
++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+ if (ignore_kdc_issued &&
+ is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+ free(in_authdata[i]->contents);
+ free(in_authdata[i]);
+ } else
+- authdata[nadata + i] = in_authdata[i];
++ authdata[nadata + j++] = in_authdata[i];
+ }
+
+- authdata[nadata + i] = NULL;
++ authdata[nadata + j] = NULL;
+
+ free(in_authdata);
+
diff --git a/krb5-mini.changes b/krb5-mini.changes
index b57f654..528b1c9 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
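Review bot: In the second inner hunk of krb5-1.8-MITKRB5-SA-2010-006.dif the loop in merge_authdata now runs on two indices and nothing on the new lines says why: `i` walks the input array while `j` counts only the entries that are kept, so entries skipped by the `ignore_kdc_issued` test no longer leave unwritten slots in front of the terminating NULL. A comment above the loop would record that, for example `/* j indexes kept entries only, so filtered ones leave no gaps in authdata[] */`, and bracing the `else` branch to match the braced `if` would make the `j++` assignment harder to misplace in a later edit. The allocation that sizes `authdata` is outside the hunk; it presumably reserves room for every input entry, which the compacted index can only undershoot, but that should be confirmed against the full function. The same patch file is deleted in PATCH 2/3 and added again unchanged in PATCH 3/3.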
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+ authorization data.
+ CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 15234ab..a56ca24 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package krb5-mini (Version 1.8.1)
+# spec file for package krb5 (Version 1.8.1)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -58,6 +58,7 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
+Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
diff --git a/krb5.changes b/krb5.changes
index b57f654..528b1c9 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+ authorization data.
+ CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5.spec b/krb5.spec
index b1d0036..94215e0 100644
--- a/krb5.spec
+++ b/krb5.spec
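Review bot: The first krb5-mini.spec hunk (`@@ -1,5 +1,5 @@`) rewrites the header comment to `# spec file for package krb5 (Version 1.8.1)`, which no longer names the file it sits in and has nothing to do with the CVE-2010-1322 fix; it looks like a side effect of regenerating the spec, though the page does not show how the file is produced. Keeping `# spec file for package krb5-mini (Version 1.8.1)` would limit the security commit's krb5-mini.spec changes to the `Patch12:` and `%patch12 -p1` lines, which makes the fix easier to audit and to backport.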
@@ -58,6 +58,7 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
+Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
From 74e4ec3b004c592a7e2083adf60daa596f92c785628fe6e57d878a2540024008 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Mon, 11 Oct 2010 09:50:02 +0000
Subject: [PATCH 2/3] Accepting request 50195 from network checked in (request 50195)
OBS-URL: https://build.opensuse.org/request/show/50195
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=28
---
 krb5-1.8-MITKRB5-SA-2010-006.dif | 33 --------------------------------
 krb5-mini.changes | 7 -------
 krb5-mini.spec | 4 +---
 krb5.changes | 7 -------
 krb5.spec | 2 --
 5 files changed, 1 insertion(+), 52 deletions(-)
 delete mode 100644 krb5-1.8-MITKRB5-SA-2010-006.dif
diff --git a/krb5-1.8-MITKRB5-SA-2010-006.dif b/krb5-1.8-MITKRB5-SA-2010-006.dif
deleted file mode 100644
index 3f5f5bb..0000000
--- a/krb5-1.8-MITKRB5-SA-2010-006.dif
+++ /dev/null
@@ -1,33 +0,0 @@
-Index: krb5-1.8.1/src/kdc/kdc_authdata.c
-===================================================================
---- krb5-1.8.1.orig/src/kdc/kdc_authdata.c
-+++ krb5-1.8.1/src/kdc/kdc_authdata.c
-@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
- krb5_boolean copy,
- krb5_boolean ignore_kdc_issued)
- {
-- size_t i, nadata = 0;
-+ size_t i, j, nadata = 0;
- krb5_authdata **authdata = *out_authdata;
-
- if (in_authdata == NULL || in_authdata[0] == NULL)
-@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
- in_authdata = tmp;
- }
-
-- for (i = 0; in_authdata[i] != NULL; i++) {
-+ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
- if (ignore_kdc_issued &&
- is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
- free(in_authdata[i]->contents);
- free(in_authdata[i]);
- } else
-- authdata[nadata + i] = in_authdata[i];
-+ authdata[nadata + j++] = in_authdata[i];
- }
-
-- authdata[nadata + i] = NULL;
-+ authdata[nadata + j] = NULL;
-
- free(in_authdata);
-
diff --git a/krb5-mini.changes b/krb5-mini.changes
index 528b1c9..b57f654 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,10 +1,3 @@
--------------------------------------------------------------------
-Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
-
-- fix a dereference of an uninitialized pointer while processing
- authorization data.
- CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
-
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5-mini.spec b/krb5-mini.spec
index a56ca24..15234ab 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package krb5 (Version 1.8.1)
+# spec file for package krb5-mini (Version 1.8.1)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -58,7 +58,6 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
-Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -209,7 +208,6 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
-%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
diff --git a/krb5.changes b/krb5.changes
index 528b1c9..b57f654 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,10 +1,3 @@
--------------------------------------------------------------------
-Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
-
-- fix a dereference of an uninitialized pointer while processing
- authorization data.
- CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
-
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5.spec b/krb5.spec
index 94215e0..b1d0036 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -58,7 +58,6 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
-Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -209,7 +208,6 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
-%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
From b40723da8127c3d28efd37ce0ea9df63e86f27603d7d58eae6d79f7b5d4769c7 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit
Date: Mon, 11 Oct 2010 09:50:03 +0000
Subject: [PATCH 3/3] Updating link to change in openSUSE:Factory/krb5 revision 55.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=16c75c266da5ee523e21706d624b6e46
---
 krb5-1.8-MITKRB5-SA-2010-006.dif | 33 ++++++++++++++++++++++++++++++++
 krb5-doc.spec | 2 +-
 krb5-mini.changes | 7 +++++++
 krb5-mini.spec | 4 +++-
 krb5.changes | 7 +++++++
 krb5.spec | 4 +++-
 6 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 krb5-1.8-MITKRB5-SA-2010-006.dif
diff --git a/krb5-1.8-MITKRB5-SA-2010-006.dif b/krb5-1.8-MITKRB5-SA-2010-006.dif
new file mode 100644
index 0000000..3f5f5bb
--- /dev/null
+++ b/krb5-1.8-MITKRB5-SA-2010-006.dif
@@ -0,0 +1,33 @@
+Index: krb5-1.8.1/src/kdc/kdc_authdata.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/kdc_authdata.c
++++ krb5-1.8.1/src/kdc/kdc_authdata.c
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+ krb5_boolean copy,
+ krb5_boolean ignore_kdc_issued)
+ {
+- size_t i, nadata = 0;
++ size_t i, j, nadata = 0;
+ krb5_authdata **authdata = *out_authdata;
+
+ if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+ in_authdata = tmp;
+ }
+
+- for (i = 0; in_authdata[i] != NULL; i++) {
++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+ if (ignore_kdc_issued &&
+ is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+ free(in_authdata[i]->contents);
+ free(in_authdata[i]);
+ } else
+- authdata[nadata + i] = in_authdata[i];
++ authdata[nadata + j++] = in_authdata[i];
+ }
+
+- authdata[nadata + i] = NULL;
++ authdata[nadata + j] = NULL;
+
+ free(in_authdata);
+
diff --git a/krb5-doc.spec b/krb5-doc.spec
index f8c27e2..d266bc3 100644
--- a/krb5-doc.spec
+++ b/krb5-doc.spec
@@ -21,7 +21,7 @@ Name: krb5-doc
 BuildRequires: ghostscript-library latex2html texlive
 Version: 1.8.1
-Release: 4
+Release: 7
 %define srcRoot krb5-1.8.1
 Summary: MIT Kerberos5 Implementation--Documentation
 License: MIT License (or similar)
diff --git a/krb5-mini.changes b/krb5-mini.changes
index b57f654..528b1c9 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+ authorization data.
+ CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 15234ab..db86b16 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/
 BuildRequires: bison libcom_err-devel ncurses-devel
 BuildRequires: keyutils keyutils-devel
 Version: 1.8.1
-Release: 4
+Release: 7
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 # bug437293
@@ -58,6 +58,7 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
+Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
diff --git a/krb5.changes b/krb5.changes
index b57f654..528b1c9 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+ authorization data.
+ CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
diff --git a/krb5.spec b/krb5.spec
index b1d0036..6884430 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/
 BuildRequires: bison libcom_err-devel ncurses-devel
 BuildRequires: keyutils keyutils-devel
 Version: 1.8.1
-Release: 4
+Release: 7
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 # bug437293
@@ -58,6 +58,7 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif
 Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10: krb5-MITKRB5-SA-2010-005.dif
 Patch11: krb5-1.8.1-gssapi-error-table.dif
+Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do