Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Eray Aslan (eras)" <eras@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-crypt/mit-krb5-appl/files: CVE-2011-1526.patch
Date: Wed, 06 Jul 2011 13:48:55
Message-Id: 20110706134845.0FBD62004B@flycatcher.gentoo.org
1 eras 11/07/06 13:48:45
2
3 Added: CVE-2011-1526.patch
4 Log:
5 security bump - bug #374229
6
7 (Portage version: 2.1.10.4/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch?rev=1.1&content-type=text/plain
14
15 Index: CVE-2011-1526.patch
16 ===================================================================
17 diff --git a/configure.ac b/configure.ac
18 index 86e23f1..2fe68ad 100644
19 --- a/configure.ac
20 +++ b/configure.ac
21 @@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
22 AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
23 AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
24 AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid)
25 +AC_CHECK_FUNCS(setegid setregid setresgid)
26 AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp)
27 AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname)
28 AC_CHECK_FUNCS(vhangup vsnprintf waitpid)
29 diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c
30 index fe62a9c..a150819 100644
31 --- a/gssftp/ftpd/ftpd.c
32 +++ b/gssftp/ftpd/ftpd.c
33 @@ -994,9 +994,14 @@ login(passwd, logincode)
34 #endif
35 }
36
37 - (void) krb5_setegid((gid_t)pw->pw_gid);
38 - (void) initgroups(pw->pw_name, pw->pw_gid);
39 -
40 + if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
41 + reply(550, "Can't set egid.");
42 + goto bad;
43 + }
44 + if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) {
45 + reply(550, "Can't initgroups");
46 + goto bad;
47 + }
48 /* open wtmp before chroot */
49 (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
50 pty_logwtmp(ttyline, pw->pw_name, rhost_sane);
51 diff --git a/k5-util.h b/k5-util.h
52 index 7bb8cfb..64cd53d 100644
53 --- a/k5-util.h
54 +++ b/k5-util.h
55 @@ -69,8 +69,7 @@
56 #elif defined(HAVE_SETREUID)
57 # define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
58 #else
59 - /* You need to add a case to deal with this operating system.*/
60 -# define krb5_seteuid(EUID) (errno = EPERM, -1)
61 +# error "You need to add a case to deal with this operating system."
62 #endif
63
64 #ifdef HAVE_SETEGID
65 @@ -80,8 +79,7 @@
66 #elif defined(HAVE_SETREGID)
67 # define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
68 #else
69 - /* You need to add a case to deal with this operating system.*/
70 -# define krb5_setegid(EGID) (errno = EPERM, -1)
71 +# error "You need to add a case to deal with this operating system."
72 #endif
73
74 #endif
Report Message
Find on MARC Find on Google Groups