eras 11/07/06 13:48:45 |
|
Added: CVE-2011-1526.patch |
Log: |
security bump - bug #374229 |
|
(Portage version: 2.1.10.4/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch?rev=1.1&content-type=text/plain |
|
Index: CVE-2011-1526.patch |
=================================================================== |
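diff --git a/configure.ac b/configure.ac
index 86e23f1..2fe68ad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
 AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
 AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
 AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid)
+AC_CHECK_FUNCS(setegid setregid setresgid)
 AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp)
 AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname)
 AC_CHECK_FUNCS(vhangup vsnprintf waitpid)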
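diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c
index fe62a9c..a150819 100644
--- a/gssftp/ftpd/ftpd.c
+++ b/gssftp/ftpd/ftpd.c
@@ -994,9 +994,14 @@ login(passwd, logincode)
 #endif
 }
 
- (void) krb5_setegid((gid_t)pw->pw_gid);
- (void) initgroups(pw->pw_name, pw->pw_gid);
-
+ if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
+ reply(550, "Can't set egid.");
+ goto bad;
+ }
+ if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) {
+ reply(550, "Can't initgroups");
+ goto bad;
+ }
 /* open wtmp before chroot */
 (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
 pty_logwtmp(ttyline, pw->pw_name, rhost_sane);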
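Review bot: Both new failure branches in login() answer the client with a 550 but leave no server-side record, so a host where the group drop fails is only noticed by whoever is logging in. A line such as `syslog(LOG_ERR, "krb5_setegid failed for %s: %m", pw->pw_name);` before each `goto bad` would let operators detect it, assuming ftpd.c already logs through syslog, which the hunk does not show. The `geteuid() == 0 &&` guard also means a daemon not running as root skips initgroups() without any error and the session keeps the supplementary groups the process started with; a comment such as `/* initgroups() needs root; a non-root ftpd keeps its inherited groups */` would make that explicit. The `bad` label and the rest of login() lie outside the hunk, so the state that path leaves behind cannot be checked from here.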
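diff --git a/k5-util.h b/k5-util.h
index 7bb8cfb..64cd53d 100644
--- a/k5-util.h
+++ b/k5-util.h
@@ -69,8 +69,7 @@
 #elif defined(HAVE_SETREUID)
 # define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
 #else
- /* You need to add a case to deal with this operating system.*/
-# define krb5_seteuid(EUID) (errno = EPERM, -1)
+# error "You need to add a case to deal with this operating system."
 #endif
 
 #ifdef HAVE_SETEGID
@@ -80,8 +79,7 @@
 #elif defined(HAVE_SETREGID)
 # define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
 #else
- /* You need to add a case to deal with this operating system.*/
-# define krb5_setegid(EGID) (errno = EPERM, -1)
+# error "You need to add a case to deal with this operating system."
 #endif
 
 #endif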
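Review bot: The two new `#error` lines carry the same text, so a failed build does not say whether the uid or the gid family of calls was missing. Naming the macro in each would help, for example `# error "krb5_setegid: none of setegid/setresgid/setregid was detected by configure"` in the second hunk and the seteuid equivalent in the first. Since the compile-time stop only removes the always-failing fallback, a short comment above each macro stating that it returns -1 on failure and that callers must check the result before continuing with reduced privileges would document the contract this fix depends on. The opening branches of both `#if` chains are outside the hunks.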