- buffer overrun in kadmind with LDAP backend

CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00 · 2014-08-11 11:01:01 +00:00 · e1506944cc
commit e1506944cc
parent f2e853070c
5 changed files with 32 additions and 0 deletions
--- a/krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
+++ b/krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
@ -0,0 +1,14 @@
 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
 index ce851ea..df5934c 100644
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
             j++;
             last = i + 1;
 -            currkvno = key_data[i].key_data_kvno;
 +            if (i < n_key_data - 1)
 +                currkvno = key_data[i + 1].key_data_kvno;
         }
     }
     ret[num_versions] = NULL;
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Fri Aug  8 15:55:01 UTC 2014 - ckornacker@suse.com
 - buffer overrun in kadmind with LDAP backend
  CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch 
 -------------------------------------------------------------------
 Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -86,6 +86,7 @@ Patch15:        krb5-master-keyring-kdcsync.patch
 Patch16:        krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
 Patch17:        krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
 Patch18:        krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch
 Patch19:        krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %fillup_prereq 
@ -209,6 +210,7 @@ Include Files for Development
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 %build
 # needs to be re-generated
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Fri Aug  8 15:55:01 UTC 2014 - ckornacker@suse.com
 - buffer overrun in kadmind with LDAP backend
  CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch 
 -------------------------------------------------------------------
 Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
--- a/krb5.spec
+++ b/krb5.spec
@ -86,6 +86,7 @@ Patch15:        krb5-master-keyring-kdcsync.patch
 Patch16:        krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
 Patch17:        krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
 Patch18:        krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch
 Patch19:        krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %fillup_prereq 
@ -209,6 +210,7 @@ Include Files for Development
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 %build
 # needs to be re-generated