rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

- fix kadmind invalid pointer free()

Browse Source 
(MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

- fix kadmind invalid pointer free()
  (MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=43
This commit is contained in:
Michael Calmer 2011-04-14 09:34:57 +00:00 committed by Git OBS Bridge
parent a6f8b7928f
commit 4434f35b8f
5 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
krb5-1.8-MITKRB5-SA-2011-004.dif Normal file
View File

@ -0,0 +1,35 @@
diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c
index c8ce4f1..bb911ff 100644
--- a/src/kadmin/server/network.c
+++ b/src/kadmin/server/network.c
@@ -1384,6 +1384,10 @@ cleanup:
if (local_kaddrs != NULL)
krb5_free_addresses(server_handle->context, local_kaddrs);
+ if ((*response)->data == NULL) {
+ free(*response);
+ *response = NULL;
+ }
krb5_kt_close(server_handle->context, kt);
return ret;
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index c1b2217..992b55f 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -74,8 +74,13 @@ process_chpw_request(context, server_handle, realm, keytab,
plen = (*ptr++ & 0xff);
plen = (plen<<8) | (*ptr++ & 0xff);
- if (plen != req->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ if (plen != req->length) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+ goto chpwfail;
+ }
/* verify version number */

7
krb5-mini.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de
- fix kadmind invalid pointer free()
(MITKRB5-SA-2011-004, bnc#687469)
CVE-2011-0285
-------------------------------------------------------------------
Tue Mar 1 12:43:22 CET 2011 - mc@suse.de

6
krb5-mini.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-mini
# spec file for package krb5
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.8.3
Release: 5
Release: 18
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
# bug437293
@ -60,6 +60,7 @@ Patch13: MITKRB5-SA-2010-007-1.8.dif
Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif
Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif
Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif
Patch17: krb5-1.8-MITKRB5-SA-2011-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -212,6 +213,7 @@ Authors:
%patch14 -p1
%patch15 -p0
%patch16 -p1
%patch17 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do

7
krb5.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de
- fix kadmind invalid pointer free()
(MITKRB5-SA-2011-004, bnc#687469)
CVE-2011-0285
-------------------------------------------------------------------
Tue Mar 1 12:43:22 CET 2011 - mc@suse.de

2
krb5.spec
View File

@ -60,6 +60,7 @@ Patch13: MITKRB5-SA-2010-007-1.8.dif
Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif
Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif
Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif
Patch17: krb5-1.8-MITKRB5-SA-2011-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -212,6 +213,7 @@ Authors:
%patch14 -p1
%patch15 -p0
%patch16 -p1
%patch17 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do