diff --git a/0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch b/0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
deleted file mode 100644
index 25a168e..0000000
--- a/0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 74444508aa249bf8d34865e25413c6432e7583b4 Mon Sep 17 00:00:00 2001
-From: Greg Hudson
-Date: Tue, 3 Aug 2021 01:15:27 -0400
-Subject: [PATCH] Fix KDC null deref on TGS inner body null server
-
-After the KDC decodes a FAST inner body, it does not check for a null
-server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this
-would typically result in an error from krb5_unparse_name(), but with
-the addition of get_local_tgt() it results in a null dereference. Add
-a null check.
-
-Reported by Joseph Sutton of Catalyst.
-
-CVE-2021-37750:
-
-In MIT krb5 releases 1.14 and later, an authenticated attacker can
-cause a null dereference in the KDC by sending a FAST TGS request with
-no server field.
-
-ticket: 9008 (new)
-tags: pullup
-target_version: 1.19-next
-target_version: 1.18-next
-
-(cherry picked from commit d775c95af7606a51bf79547a94fa52ddd1cb7f49)
----
- src/kdc/do_tgs_req.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-Index: krb5-1.19.3/src/kdc/do_tgs_req.c
-===================================================================
---- krb5-1.19.3.orig/src/kdc/do_tgs_req.c
-+++ krb5-1.19.3/src/kdc/do_tgs_req.c
-@@ -212,6 +212,11 @@ process_tgs_req(krb5_kdc_req *request, k
- errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- goto cleanup;
- }
-+ if (sprinc == NULL) {
-+ status = "NULL_SERVER";
-+ errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-+ goto cleanup;
-+ }
-
- errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server,
- &local_tgt, &local_tgt_storage, &local_tgt_key);
diff --git a/krb5-mini.changes b/krb5-mini.changes
index fa2ebd7..3e27f11 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Dec 13 10:49:47 UTC 2022 - Samuel Cabrero
+
+- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
+ already fixed in release 1.20.0
+
 -------------------------------------------------------------------
 Wed Nov 16 07:49:09 UTC 2022 - Samuel Cabrero
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 3ac203c..bd86fe1 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -44,7 +44,6 @@ Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
 Patch6: 0006-krb5-1.12-api.patch
 Patch7: 0007-SELinux-integration.patch
 Patch8: 0008-krb5-1.9-debuginfo.patch
-Patch9: 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
 BuildRequires: autoconf
 BuildRequires: bison
 BuildRequires: keyutils
diff --git a/krb5.changes b/krb5.changes
index 07400eb..a82ce0d 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Dec 13 10:49:47 UTC 2022 - Samuel Cabrero
+
+- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
+ already fixed in release 1.20.0
+
 -------------------------------------------------------------------
 Wed Nov 16 07:49:09 UTC 2022 - Samuel Cabrero
diff --git a/krb5.spec b/krb5.spec
index 2736110..be63805 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -42,7 +42,6 @@ Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
 Patch6: 0006-krb5-1.12-api.patch
 Patch7: 0007-SELinux-integration.patch
 Patch8: 0008-krb5-1.9-debuginfo.patch
-Patch9: 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
 BuildRequires: autoconf
 BuildRequires: bison
 BuildRequires: cyrus-sasl-devel