- fix a dereference of an uninitialized pointer while processing

authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990) OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=27
2010-10-11 08:46:56 +00:00 · 2010-10-11 08:46:56 +00:00 · 9482246780
commit 9482246780
parent 8c6241f662
5 changed files with 52 additions and 1 deletions
--- a/krb5-1.8-MITKRB5-SA-2010-006.dif
+++ b/krb5-1.8-MITKRB5-SA-2010-006.dif
@ -0,0 +1,33 @@
+Index: krb5-1.8.1/src/kdc/kdc_authdata.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/kdc_authdata.c
+++ krb5-1.8.1/src/kdc/kdc_authdata.c
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+                 krb5_boolean copy,
+                 krb5_boolean ignore_kdc_issued)
+ {
+-    size_t i, nadata = 0;
+    size_t i, j, nadata = 0;
+     krb5_authdata **authdata = *out_authdata;
+ 
+     if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+         in_authdata = tmp;
+     }
+ 
+-    for (i = 0; in_authdata[i] != NULL; i++) {
+    for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+         if (ignore_kdc_issued &&
+             is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+             free(in_authdata[i]->contents);
+             free(in_authdata[i]);
+         } else
+-            authdata[nadata + i] = in_authdata[i];
+            authdata[nadata + j++] = in_authdata[i];
+     }
+ 
+-    authdata[nadata + i] = NULL;
+    authdata[nadata + j] = NULL;
+ 
+     free(in_authdata);
+ 
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+  authorization data. 
+  CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com

--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -1,5 +1,5 @@
 #
-# spec file for package krb5-mini (Version 1.8.1)
+# spec file for package krb5 (Version 1.8.1)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -58,6 +58,7 @@ Patch8:         krb5-1.6.3-fix-ipv6-query.dif
 Patch9:         krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10:        krb5-MITKRB5-SA-2010-005.dif
 Patch11:        krb5-1.8.1-gssapi-error-table.dif
+Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
+
+- fix a dereference of an uninitialized pointer while processing
+  authorization data. 
+  CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
+
 -------------------------------------------------------------------
 Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com

--- a/krb5.spec
+++ b/krb5.spec
@ -58,6 +58,7 @@ Patch8:         krb5-1.6.3-fix-ipv6-query.dif
 Patch9:         krb5-1.7-MITKRB5-SA-2010-004.dif
 Patch10:        krb5-MITKRB5-SA-2010-005.dif
 Patch11:        krb5-1.8.1-gssapi-error-table.dif
+Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@ -208,6 +209,7 @@ Authors:
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do