diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2016-09-14 15:54:27 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-09-14 15:55:14 +0200 |
commit | 5dfc3609c83443f92ad4f2deb320e2e4e8a711bd (patch) | |
tree | 8deaa9b1807dbc93182172c759e5811ec7fc15ae /main/krb5/CVE-2015-8630.patch | |
parent | 94dcb149b65b485dca49a36405a62c43c93c3646 (diff) | |
download | aports-5dfc3609c83443f92ad4f2deb320e2e4e8a711bd.tar.bz2 aports-5dfc3609c83443f92ad4f2deb320e2e4e8a711bd.tar.xz |
main/krb5: security upgrade to 1.14.3 (CVE-2016-3120)
fixes #6157
Diffstat (limited to 'main/krb5/CVE-2015-8630.patch')
-rw-r--r-- | main/krb5/CVE-2015-8630.patch | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/main/krb5/CVE-2015-8630.patch b/main/krb5/CVE-2015-8630.patch deleted file mode 100644 index 72fefeb896..0000000000 --- a/main/krb5/CVE-2015-8630.patch +++ /dev/null @@ -1,75 +0,0 @@ -From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001 -From: Greg Hudson <ghudson@mit.edu> -Date: Fri, 8 Jan 2016 12:52:28 -0500 -Subject: [PATCH] Check for null kadm5 policy name [CVE-2015-8630] - -In kadm5_create_principal_3() and kadm5_modify_principal(), check for -entry->policy being null when KADM5_POLICY is included in the mask. - -CVE-2015-8630: - -In MIT krb5 1.12 and later, an authenticated attacker with permission -to modify a principal entry can cause kadmind to dereference a null -pointer by supplying a null policy value but including KADM5_POLICY in -the mask. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C - -ticket: 8342 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/kadm5/srv/svr_principal.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 5b95fa3..1d4365c 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle, - /* - * Argument sanity checking, and opening up the DB - */ -+ if (entry == NULL) -+ return EINVAL; - if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle, - return KADM5_BAD_MASK; - if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -- if (entry == NULL) -- return EINVAL; - - /* - * Check to see if the principal exists -@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle, - - krb5_clear_error_message(handle->context); - -+ if(entry == NULL) -+ return EINVAL; - if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle, - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; -- if(entry == (kadm5_principal_ent_t) NULL) -- return EINVAL; - if (mask & KADM5_TL_DATA) { - tl_data_orig = entry->tl_data; - while (tl_data_orig) { |