Accepting request 35618 from home:mcalmer:branches:network

Copy from home:mcalmer:branches:network/krb5 via accept of submit request 35618 revision 2. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/35618 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=14
2010-03-24 09:00:53 +00:00 · 2010-03-24 09:00:53 +00:00 · 28dc0dd056
commit 28dc0dd056
parent f9e6d882fd
6 changed files with 93 additions and 2 deletions
--- a/krb5-1.7-MITKRB5-SA-2010-002.dif
+++ b/krb5-1.7-MITKRB5-SA-2010-002.dif
@ -0,0 +1,71 @@
 Index: src/lib/gssapi/spnego/spnego_mech.c
 ===================================================================
 --- src/lib/gssapi/spnego/spnego_mech.c.orig
 +++ src/lib/gssapi/spnego/spnego_mech.c
@@ -1576,7 +1576,7 @@ spnego_gss_accept_sec_context(
 	spnego_gss_ctx_id_t sc = NULL;
 	spnego_gss_cred_id_t spcred = NULL;
 	OM_uint32 mechstat = GSS_S_FAILURE;
 -	int sendTokenInit = 0;
 +	int sendTokenInit = 0, tmpret;
 	mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
@@ -1609,7 +1609,6 @@ spnego_gss_accept_sec_context(
 		if (delegated_cred_handle != NULL)
 			*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 		if (input_token->length == 0) {
 -			sendTokenInit = 1;
 			ret = acc_ctx_hints(minor_status,
 					    context_handle, spcred,
 					    &mic_out,
@@ -1617,6 +1616,7 @@ spnego_gss_accept_sec_context(
 					    &return_token);
 			if (ret != GSS_S_COMPLETE)
 				goto cleanup;
 +			sendTokenInit = 1;
 			ret = GSS_S_CONTINUE_NEEDED;
 		} else {
 			/* Can set negState to REQUEST_MIC */
@@ -1664,27 +1664,21 @@ spnego_gss_accept_sec_context(
 				 &negState, &return_token);
 	}
 cleanup:
 -	if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
 -		/* For acceptor-sends-first send a tokenInit */
 -		int tmpret;
 -
 +	if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
 		assert(sc != NULL);
 -
 -		if (sendTokenInit) {
 -			tmpret = make_spnego_tokenInit_msg(sc,
 -							   1,
 -							   mic_out,
 -							   0,
 -							   GSS_C_NO_BUFFER,
 -							   return_token,
 -							   output_token);
 -		} else {
 -			tmpret = make_spnego_tokenTarg_msg(negState,
 -							   sc ? sc->internal_mech : GSS_C_NO_OID,
 -							   &mechtok_out, mic_out,
 -							   return_token,
 -							   output_token);
 -		}
 +		tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0,
 +						   GSS_C_NO_BUFFER,
 +						   return_token, output_token);
 +		if (tmpret < 0)
 +			ret = GSS_S_FAILURE;
 +	} else if (return_token != NO_TOKEN_SEND &&
 +		   return_token != CHECK_MIC) {
 +		tmpret = make_spnego_tokenTarg_msg(negState,
 +						   sc ? sc->internal_mech :
 +						   GSS_C_NO_OID,
 +						   &mechtok_out, mic_out,
 +						   return_token,
 +						   output_token);
 		if (tmpret < 0)
 			ret = GSS_S_FAILURE;
 	}
--- a/krb5-1.8-POST.dif
+++ b/krb5-1.8-POST.dif
@ -179,7 +179,7 @@ Index: src/lib/gssapi/spnego/spnego_mech.c
 ===================================================================
 --- src/lib/gssapi/spnego/spnego_mech.c.orig
 +++ src/lib/gssapi/spnego/spnego_mech.c
-@@ -1693,6 +1693,7 @@ cleanup:
+@@ -1687,6 +1687,7 @@ cleanup:
 		if (sc->internal_name != GSS_C_NO_NAME &&
 		    src_name != NULL) {
 			*src_name = sc->internal_name;
@ -187,7 +187,7 @@ Index: src/lib/gssapi/spnego/spnego_mech.c
 		}
 		release_spnego_ctx(&sc);
 	} else if (ret != GSS_S_CONTINUE_NEEDED) {
-@@ -2578,6 +2579,8 @@ release_spnego_ctx(spnego_gss_ctx_id_t *
+@@ -2572,6 +2573,8 @@ release_spnego_ctx(spnego_gss_ctx_id_t *
 		(void) generic_gss_release_oid(&minor_stat,
 				&context->internal_mech);
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
 - fix a bug where an unauthenticated remote attacker could cause
  a GSS-API application including the Kerberos administration
  daemon (kadmind) to crash.
  CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) 
 -------------------------------------------------------------------
 Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -55,6 +55,7 @@ Patch34:        krb5-1.6.3-gssapi_improve_errormessages.dif
 Patch41:        krb5-1.6.3-kpasswd_tcp.patch
 Patch44:        krb5-1.6.3-ktutil-manpage.dif
 Patch46:        krb5-1.6.3-fix-ipv6-query.dif
 Patch47:        krb5-1.7-MITKRB5-SA-2010-002.dif
 Patch50:        krb5-1.8-POST.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
@ -203,6 +204,7 @@ Authors:
 %patch41 
 %patch44 -p1
 %patch46 -p1
 %patch47
 %patch50
 # Rename the man pages so that they'll get generated correctly.
 pushd src
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
 - fix a bug where an unauthenticated remote attacker could cause
  a GSS-API application including the Kerberos administration
  daemon (kadmind) to crash.
  CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) 
 -------------------------------------------------------------------
 Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
--- a/krb5.spec
+++ b/krb5.spec
@ -55,6 +55,7 @@ Patch34:        krb5-1.6.3-gssapi_improve_errormessages.dif
 Patch41:        krb5-1.6.3-kpasswd_tcp.patch
 Patch44:        krb5-1.6.3-ktutil-manpage.dif
 Patch46:        krb5-1.6.3-fix-ipv6-query.dif
 Patch47:        krb5-1.7-MITKRB5-SA-2010-002.dif
 Patch50:        krb5-1.8-POST.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
@ -203,6 +204,7 @@ Authors:
 %patch41 
 %patch44 -p1
 %patch46 -p1
 %patch47
 %patch50
 # Rename the man pages so that they'll get generated correctly.
 pushd src