Diffstat (limited to 'main/samba/0001-CVE-2018-16841-heimdal-Fix-segfault-on-PKINIT-with-m.patch')
-rw-r--r-- | main/samba/0001-CVE-2018-16841-heimdal-Fix-segfault-on-PKINIT-with-m.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/main/samba/0001-CVE-2018-16841-heimdal-Fix-segfault-on-PKINIT-with-m.patch b/main/samba/0001-CVE-2018-16841-heimdal-Fix-segfault-on-PKINIT-with-m.patch
new file mode 100644
index 0000000000..32dab1e0ea
--- /dev/null
+++ b/main/samba/0001-CVE-2018-16841-heimdal-Fix-segfault-on-PKINIT-with-m.patch
@@ -0,0 +1,41 @@
+From e1026a1685b5838f2ca67965025b2381751c35cb Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 23 Oct 2018 17:33:46 +1300
+Subject: [PATCH] CVE-2018-16841 heimdal: Fix segfault on PKINIT with
+ mis-matching principal
+
+In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
+mem_ctx.
+
+This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
+MIT KDC effort.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
+---
+ source4/kdc/db-glue.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
+index 9ac5a1d38f0..4d7ac333fcc 100644
+--- a/source4/kdc/db-glue.c
++++ b/source4/kdc/db-glue.c
+@@ -2578,10 +2578,10 @@ samba_kdc_check_pkinit_ms_upn_match(krb5_context context,
+ * comparison */
+ if (!(orig_sid && target_sid && dom_sid_equal(orig_sid, target_sid))) {
+ talloc_free(mem_ctx);
+-#ifdef KRB5_KDC_ERR_CLIENT_NAME_MISMATCH /* Heimdal */
+- return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+-#elif defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
++#if defined(KRB5KDC_ERR_CLIENT_NAME_MISMATCH) /* MIT */
+ return KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
++#else /* Heimdal (where this is an enum) */
++ return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+ #endif
+ }
+
+--
+2.18.1
+
|
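Review bot: The SID-mismatch branch in the db-glue.c hunk has no comment stating that it must return on every build, which is the invariant the old `#ifdef`/`#elif` pair broke. The preprocessor cannot see an enum constant, so the old Heimdal test was always false and the branch compiled with no `return` after `talloc_free(mem_ctx)`. I would add above the `#if` something like `/* This branch must return on all builds: Heimdal's code is an enum, invisible to #ifdef, and falling through frees mem_ctx a second time. */`. The second free and the rest of samba_kdc_check_pkinit_ms_upn_match are outside the hunk, so that wording follows the commit message and should be confirmed against the full function. Note that the new `#else` assumes every non-MIT build is Heimdal; a build with neither symbol would presumably fail to compile rather than fall through, which is the safer failure.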