From a984987efa2e80601bea6fb44ab28c786850acd4 Mon Sep 17 00:00:00 2001
From: Leonardo Arena
Date: Thu, 18 Mar 2010 07:51:25 +0000
Subject: main/heimdal: filter invalid enctypes instead of rejecting
(cherry picked from commit 265b5747b9dd90b6a6f06b2b8f60618083ebd61b)
---
 main/heimdal/APKBUILD | 7 +++-
 .../return-invalid-enctype-for-weak-crypto.patch | 48 ++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 main/heimdal/return-invalid-enctype-for-weak-crypto.patch
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
index 139539e1..e98d9cf0 100644
--- a/main/heimdal/APKBUILD
+++ b/main/heimdal/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: Natanael Copa
 pkgname=heimdal
 pkgver=1.3.1
-pkgrel=3
+pkgrel=4
 pkgdesc="An implementation of Kerberos 5"
 url="http://www.h5l.org/"
 license="BSD"
@@ -22,6 +22,7 @@ source="http://www.h5l.org/dist/src/$pkgname-$pkgver.tar.gz
 100-check-com_err-pthread.patch
 heimdal-c++-safe-krb5_cccol_cursor.patch
 heimdal-locate_plugin-header.patch
+return-invalid-enctype-for-weak-crypto.patch
 "
 # krb5.h needs com_err.h
@@ -41,6 +42,7 @@ prepare() {
 patch -Np1 -i ../100-check-com_err-pthread.patch || return 1
 patch -Np1 -i ../heimdal-c++-safe-krb5_cccol_cursor.patch || return 1
 patch -Np1 -i ../heimdal-locate_plugin-header.patch || return 1
+ patch -Np1 -i ../return-invalid-enctype-for-weak-crypto.patch || return 1
 # name clash with ruserpass in netdb.h
 sed -i -e 's/ruserpass/ruserpw/g' appl/ftp/ftp/*.[ch] || return 1
@@ -176,4 +178,5 @@ md5sums="4ce17deae040a3519e542f48fd901f21 heimdal-1.3.1.tar.gz
 8208ae8c0b6ff5ab4f64af1693e9e396 014_all_heimdal-path.patch
 e73205200f9641b5d969427ffb04282a 100-check-com_err-pthread.patch
 7ebff9a320f18ed62f5fcb68c8fc18b8 heimdal-c++-safe-krb5_cccol_cursor.patch
-248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch"
+248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch
+a8342f77a1aedb4f332983bcbf141827 return-invalid-enctype-for-weak-crypto.patch"
diff --git a/main/heimdal/return-invalid-enctype-for-weak-crypto.patch b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch
new file mode 100644
index 00000000..c8ce39fe
--- /dev/null
+++ b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch
@@ -0,0 +1,48 @@
+--- a/lib/krb5/context.c
++++ b/lib/krb5/context.c
+@@ -825,23 +825,33 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+ krb5_set_default_in_tkt_etypes(krb5_context context,
+ const krb5_enctype *etypes)
+ {
++ krb5_error_code ret;
+ krb5_enctype *p = NULL;
+- int i;
++ unsigned int n, m;
+
+ if(etypes) {
+- for (i = 0; etypes[i]; ++i) {
+- krb5_error_code ret;
+- ret = krb5_enctype_valid(context, etypes[i]);
+- if (ret)
+- return ret;
+- }
+- ++i;
+- ALLOC(p, i);
++ for (n = 0; etypes[n]; n++)
++ ;
++ n++;
++ ALLOC(p, n);
+ if(!p) {
+- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
++ krb5_set_error_message (context, ENOMEM,
++ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+- memmove(p, etypes, i * sizeof(krb5_enctype));
++ for (n = 0, m = 0; etypes[n]; n++) {
++ ret = krb5_enctype_valid(context, etypes[n]);
++ if (ret)
++ continue;
++ p[m++] = etypes[n];
++ }
++ p[m] = ETYPE_NULL;
++ if (m == 0) {
++ free(p);
++ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
++ N_("no valid enctype set", ""));
++ return KRB5_PROG_ETYPE_NOSUPP;
++ }
+ }
+ if(context->etypes)
+ free(context->etypes);
+
-- cgit v1.2.3
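Review bot: The new filter loop (`if (ret) continue;`) drops every enctype that krb5_enctype_valid() rejects and still returns success, so a caller that pinned a specific list ends up with a narrower one and cannot tell which entries were removed or why. That contract belongs in a comment above the loop, for example `/* Enctypes rejected by krb5_enctype_valid() are skipped, not reported; fail only when none are left. */`. If krb5_enctype_valid() records an error message on the context for each rejection (not visible in this hunk), that message would remain set on a successful return and is worth clearing before the function returns. The `m == 0` branch also changes behaviour for a non-NULL but empty list, which the removed code accepted and the new code answers with KRB5_PROG_ETYPE_NOSUPP; the comment should say whether that is intended. The function's tail, after `free(context->etypes);`, lies outside the hunk.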