rpms/krb5/F-10 krb5-1.6.3-spnego-crash.patch, NONE, 1.1 krb5.spec, 1.176, 1.177

Nalin Dahyabhai nalin at fedoraproject.org
Tue Mar 17 22:23:29 UTC 2009


Author: nalin

Update of /cvs/pkgs/rpms/krb5/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11939

Modified Files:
	krb5.spec 
Added Files:
	krb5-1.6.3-spnego-crash.patch 
Log Message:
- libgssapi_krb5: backport fix for some errors which can occur when
  we fail to set up the server half of a context (CVE-2009-0845)


krb5-1.6.3-spnego-crash.patch:

--- NEW FILE krb5-1.6.3-spnego-crash.patch ---
Upstream change #22099, triggered by report from Marcus Granado, fix by Tom Yu.
In a nutshell, when return_token is neither NO_TOKEN_SEND nor CHECK_MIC, we
might still not want a reply token, for example if it's ERROR_TOKEN_SEND.
diff -up src/lib/gssapi/spnego/spnego_mech.c src/lib/gssapi/spnego/spnego_mech.c
--- src/lib/gssapi/spnego/spnego_mech.c	2009-03-17 16:47:10.000000000 -0400
+++ src/lib/gssapi/spnego/spnego_mech.c	2009-03-17 16:47:14.000000000 -0400
@@ -1248,7 +1248,8 @@ spnego_gss_accept_sec_context(void *ct,
 				 &negState, &return_token);
 	}
 cleanup:
-	if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
+	if (return_token == INIT_TOKEN_SEND ||
+	    return_token == CONT_TOKEN_SEND) {
 		tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
 						   &mechtok_out, mic_out,
 						   return_token,
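Review bot: The rewritten `if` under `cleanup:` carries no comment saying why only INIT_TOKEN_SEND and CONT_TOKEN_SEND lead to make_spnego_tokenTarg_msg(). The reason (a reply token may be unwanted for other values such as ERROR_TOKEN_SEND) appears only in the patch header, which someone reading spnego_mech.c will not see. A short comment above the condition would keep that intent with the code. It should also say that, with the test changed from an exclusion to an explicit list, any return_token value introduced later builds no reply token unless it is added here.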


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-10/krb5.spec,v
retrieving revision 1.176
retrieving revision 1.177
diff -u -r1.176 -r1.177
--- krb5.spec	4 Sep 2008 15:13:51 -0000	1.176
+++ krb5.spec	17 Mar 2009 22:22:59 -0000	1.177
@@ -16,7 +16,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 16%{?dist}
+Release: 17%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -102,6 +102,7 @@
 Patch78: krb5-1.6.3-lucid-acceptor.patch
 Patch79: krb5-trunk-ftp_mget_case.patch
 Patch80: krb5-trunk-preauth-master.patch
+Patch81: krb5-1.6.3-spnego-crash.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -232,6 +233,10 @@
 certificate.
 
 %changelog
+* Tue Mar 17 2009 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-17
+- libgssapi_krb5: backport fix for some errors which can occur when
+  we fail to set up the server half of a context (CVE-2009-0845)
+
 * Thu Sep  4 2008 Nalin Dahyabhai <nalin at redhat.com>
 - if we successfully change the user's password during an attempt to get
   initial credentials, but then fail to get initial creds from a non-master
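Review bot: The added %changelog entry describes the fix only as "some errors" and does not name SPNEGO or the upstream change. The patch header gives both (spnego_mech.c, upstream change #22099), and citing them here beside CVE-2009-0845 would let someone reading the package changelog find the upstream fix without opening the patch file.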
@@ -1390,6 +1395,7 @@
 %patch78 -p0 -b .lucid_acceptor
 %patch79 -p0 -b .ftp_mget_case
 %patch80 -p0 -b .preauth_master
+%patch81 -p0 -b .spnego-crash
 cp src/krb524/README README.krb524
 gzip doc/*.ps
 
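Review bot: The backup suffix on the new %patch81 line, `.spnego-crash`, uses a hyphen where the neighbouring entries use underscores (`.lucid_acceptor`, `.ftp_mget_case`, `.preauth_master`). `.spnego_crash` would match the existing convention.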



