SHA256
1
0
forked from pool/krb5

- fix GSS-API library null pointer dereference

CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=23
This commit is contained in:
Michael Calmer 2010-05-19 12:28:19 +00:00 committed by Git OBS Bridge
parent b4fda1ea93
commit b83e316992
5 changed files with 35 additions and 1 deletions

View File

@ -0,0 +1,18 @@
Index: krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- krb5-1.8.1.orig/src/lib/gssapi/krb5/accept_sec_context.c
+++ krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c
@@ -647,6 +647,13 @@ kg_accept_krb5(minor_status, context_han
goto fail;
}
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
/* verify that the checksum is correct */
/*

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
- fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
-------------------------------------------------------------------
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de

View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-mini (Version 1.8.1)
# spec file for package krb5 (Version 1.8.1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch
Patch7: krb5-1.6.3-ktutil-manpage.dif
Patch8: krb5-1.6.3-fix-ipv6-query.dif
Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
Patch10: krb5-MITKRB5-SA-2010-005.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -204,6 +205,7 @@ Authors:
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
- fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
-------------------------------------------------------------------
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de

View File

@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch
Patch7: krb5-1.6.3-ktutil-manpage.dif
Patch8: krb5-1.6.3-fix-ipv6-query.dif
Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif
Patch10: krb5-MITKRB5-SA-2010-005.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -204,6 +205,7 @@ Authors:
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do