Accepting request 251631 from home:varkoly:branches:network

- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff OBS-URL: https://build.opensuse.org/request/show/251631 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=130
2014-09-25 08:28:07 +00:00 · 2014-09-25 08:28:07 +00:00 · 23582573aa
commit 23582573aa
parent 1e26a2fb1a
3 changed files with 57 additions and 0 deletions
--- a/bnc#897874-CVE-2014-5351.diff
+++ b/bnc#897874-CVE-2014-5351.diff
@ -0,0 +1,49 @@
+diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
+index 5d358bd..d4e74cc 100644
+--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
+@@ -344,6 +344,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask,
+     *passptr = NULL;
+ }
+ 
+/* Return the number of keys with the newest kvno.  Assumes that all key data
+ * with the newest kvno are at the front of the key data array. */
+static int
+count_new_keys(int n_key_data, krb5_key_data *key_data)
+{
+    int n;
+
+    for (n = 1; n < n_key_data; n++) {
+        if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
+            return n;
+    }
+    return n_key_data;
+}
+
+ kadm5_ret_t
+ kadm5_create_principal(void *server_handle,
+                        kadm5_principal_ent_t entry, long mask,
+@@ -1593,7 +1607,7 @@ kadm5_randkey_principal_3(void *server_handle,
+     osa_princ_ent_rec           adb;
+     krb5_int32                  now;
+     kadm5_policy_ent_rec        pol;
+-    int                         ret, last_pwd;
+    int                         ret, last_pwd, n_new_keys;
+     krb5_boolean                have_pol = FALSE;
+     kadm5_server_handle_t       handle = server_handle;
+     krb5_keyblock               *act_mkey;
+@@ -1686,8 +1700,9 @@ kadm5_randkey_principal_3(void *server_handle,
+     kdb->fail_auth_count = 0;
+ 
+     if (keyblocks) {
+-        ret = decrypt_key_data(handle->context,
+-                               kdb->n_key_data, kdb->key_data,
+        /* Return only the new keys added by krb5_dbe_crk. */
+        n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
+        ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
+                                keyblocks, n_keys);
+         if (ret)
+             goto done;
+-- 
+1.8.5.2
+
--- a/krb5.changes
+++ b/krb5.changes
@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
+
+-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
+- added patches:
+  * bnc#897874-CVE-2014-5351.diff
+-------------------------------------------------------------------
 Sat Aug 30 22:29:28 UTC 2014 - andreas.stieger@gmx.de

 - krb5 5.12.2:
--- a/krb5.spec
+++ b/krb5.spec
@ -83,6 +83,7 @@ Patch12:        krb5-1.12-selinux-label.patch
 Patch13:        krb5-1.9-debuginfo.patch
 Patch14:        krb5-kvno-230379.patch
 Patch20:        krb5-1.12-doxygen.patch
+Patch21:        bnc#897874-CVE-2014-5351.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %fillup_prereq 
@ -203,6 +204,7 @@ Include Files for Development
 %patch13 -p0
 %patch14 -p1
 %patch20 -p1
+%patch21 -p1

 %build
 # needs to be re-generated