summaryrefslogtreecommitdiff
path: root/user/heimdal/CVE-2017-17439.patch
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2018-07-04 19:22:35 -0500
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2018-07-04 19:22:35 -0500
commit81428a313f361f9befbee70a17f659752ad331c1 (patch)
treeea14faf0854d98e34930395a5468682cc00138ba /user/heimdal/CVE-2017-17439.patch
parentc864e0201a1d0515fa07be1baa881972d69ab6f8 (diff)
downloadpackages-81428a313f361f9befbee70a17f659752ad331c1.tar.gz
packages-81428a313f361f9befbee70a17f659752ad331c1.tar.bz2
packages-81428a313f361f9befbee70a17f659752ad331c1.tar.xz
packages-81428a313f361f9befbee70a17f659752ad331c1.zip
user/heimdal: pull in for cyrus-sasl
Diffstat (limited to 'user/heimdal/CVE-2017-17439.patch')
-rw-r--r--user/heimdal/CVE-2017-17439.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/user/heimdal/CVE-2017-17439.patch b/user/heimdal/CVE-2017-17439.patch
new file mode 100644
index 000000000..8c3273971
--- /dev/null
+++ b/user/heimdal/CVE-2017-17439.patch
@@ -0,0 +1,45 @@
+From 749d377fa357351a7bbba51f8aae72cdf0629592 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@twosigma.com>
+Date: Tue, 5 Dec 2017 18:49:50 -0500
+Subject: [PATCH] Security: Avoid NULL structure pointer member dereference
+
+This can happen in the error path when processing malformed AS
+requests with a NULL client name. Bug originally introduced on
+Fri Feb 13 09:26:01 2015 +0100 in commit:
+
+ a873e21d7c06f22943a90a41dc733ae76799390d
+
+ kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
+
+Original patch by Jeffrey Altman <jaltman@secure-endpoints.com>
+
+(cherry picked from commit 1a6a6e462dc2ac6111f9e02c6852ddec4849b887)
+---
+ kdc/kerberos5.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
+index 95a74927f7..675b406b82 100644
+--- a/kdc/kerberos5.c
++++ b/kdc/kerberos5.c
+@@ -2226,15 +2226,17 @@ _kdc_as_rep(kdc_request_t r,
+ /*
+ * In case of a non proxy error, build an error message.
+ */
+- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
++ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
+ ret = _kdc_fast_mk_error(context, r,
+ &error_method,
+ r->armor_crypto,
+ &req->req_body,
+ ret, r->e_text,
+ r->server_princ,
+- &r->client_princ->name,
+- &r->client_princ->realm,
++ r->client_princ ?
++ &r->client_princ->name : NULL,
++ r->client_princ ?
++ &r->client_princ->realm : NULL,
+ NULL, NULL,
+ reply);
+ if (ret)