
From: "Eray Aslan (eras)" <eras@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-crypt/mit-krb5/files: CVE-2012-1014.patch CVE-2012-1015.patch
Date: Wed, 01 Aug 2012 16:38:14
Message-Id: 20120801163800.829312004C@flycatcher.gentoo.org
1 eras 12/08/01 16:38:00
2
3 Added: CVE-2012-1014.patch CVE-2012-1015.patch
4 Log:
5 Security bump - bug #429324
6
7 (Portage version: 2.1.11.9/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 app-crypt/mit-krb5/files/CVE-2012-1014.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2012-1014.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2012-1014.patch?rev=1.1&content-type=text/plain
14
15 Index: CVE-2012-1014.patch
16 ===================================================================
17 diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
18 index 23623fe..8ada9d0 100644
19 --- a/src/kdc/do_as_req.c
20 +++ b/src/kdc/do_as_req.c
21 @@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
22 krb5_enctype useenctype;
23 struct as_req_state *state;
24
25 - state = malloc(sizeof(*state));
26 + state = calloc(sizeof(*state), 1);
27 if (!state) {
28 (*respond)(arg, ENOMEM, NULL);
29 return;
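Review bot: The new allocation passes its arguments in the reverse of the conventional order; `calloc(sizeof(*state), 1)` yields the same size, but `state = calloc(1, sizeof(*state));` matches the (nmemb, size) prototype that readers and static analysers expect. Zero-filling is the safer default because every pointer member gets a defined value even when a field is later added without an explicit initialiser, which appears to be what happened with `inner_body` in the second hunk (@@ -486,6 +486,7 @@). A comment above the call would record that intent, e.g. `/* Zero-fill so every pointer in *state starts out NULL. */`. process_as_req continues outside both hunks, so the cleanup code that consumes these fields is not visible here.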
30 @@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
31 state->authtime = 0;
32 state->c_flags = 0;
33 state->req_pkt = req_pkt;
34 + state->inner_body = NULL;
35 state->rstate = NULL;
36 state->sname = 0;
37 state->cname = 0;
38
39
40
41 1.1 app-crypt/mit-krb5/files/CVE-2012-1015.patch
42
43 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2012-1015.patch?rev=1.1&view=markup
44 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2012-1015.patch?rev=1.1&content-type=text/plain
45
46 Index: CVE-2012-1015.patch
47 ===================================================================
48 diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
49 index 9d8cb34..d4ece3f 100644
50 --- a/src/kdc/kdc_preauth.c
51 +++ b/src/kdc/kdc_preauth.c
52 @@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
53 continue;
54
55 }
56 - if (request_contains_enctype(context, request, db_etype)) {
57 + if (krb5_is_permitted_enctype(context, db_etype) &&
58 + request_contains_enctype(context, request, db_etype)) {
59 retval = _make_etype_info_entry(context, client->princ,
60 client_key, db_etype,
61 &entry[i], etype_info2);
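Review bot: The added `krb5_is_permitted_enctype(context, db_etype)` test carries no comment, and the reason for it is not evident from the visible part of etype_info_helper. A one-line comment above the condition, such as `/* Only build etype-info entries for enctypes the KDC is permitted to use. */`, would keep a later cleanup from dropping the check as redundant with `request_contains_enctype()`. The loop and the handling of an empty result start and end outside this hunk, so it is worth confirming that the caller copes when every key is filtered out.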
62 diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
63 index a43b291..94dad3a 100644
64 --- a/src/kdc/kdc_util.c
65 +++ b/src/kdc/kdc_util.c
66 @@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
67 return 0;
68 pa.magic = KV5M_PA_DATA;
69 pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
70 + memset(&checksum, 0, sizeof(checksum));
71 retval = krb5_c_make_checksum(kdc_context,0, reply_key,
72 KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
73 if (retval != 0)
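Review bot: The `memset(&checksum, 0, sizeof(checksum));` is placed immediately before `krb5_c_make_checksum()`, so `checksum` is zeroed only from that point on. If any exit path earlier in kdc_handle_protected_negotiation reaches cleanup code that releases the checksum contents, it would still see an uninitialised struct; the only earlier exit visible here is the plain `return 0;`, so this may already be safe. Moving the same `memset` to directly after the local declarations (outside this hunk) would make that hold regardless of how the function's exits are rearranged later.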
74 diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
75 index c4bf92e..367c894 100644
76 --- a/src/lib/kdb/kdb_default.c
77 +++ b/src/lib/kdb/kdb_default.c
78 @@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
79 krb5_boolean saw_non_permitted = FALSE;
80
81 ret = 0;
82 + if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
83 + return KRB5_KDB_NO_PERMITTED_KEY;
84 +
85 if (kvno == -1 && stype == -1 && ktype == -1)
86 kvno = 0;