summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-crypt/mit-krb5/files')
-rw-r--r--app-crypt/mit-krb5/files/CVE-2012-1014.patch21
-rw-r--r--app-crypt/mit-krb5/files/CVE-2012-1015.patch40
2 files changed, 61 insertions, 0 deletions
diff --git a/app-crypt/mit-krb5/files/CVE-2012-1014.patch b/app-crypt/mit-krb5/files/CVE-2012-1014.patch
new file mode 100644
index 000000000000..c7da7171959f
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2012-1014.patch
@@ -0,0 +1,21 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 23623fe..8ada9d0 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ krb5_enctype useenctype;
+ struct as_req_state *state;
+
+- state = malloc(sizeof(*state));
++ state = calloc(sizeof(*state), 1);
+ if (!state) {
+ (*respond)(arg, ENOMEM, NULL);
+ return;
+@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ state->authtime = 0;
+ state->c_flags = 0;
+ state->req_pkt = req_pkt;
++ state->inner_body = NULL;
+ state->rstate = NULL;
+ state->sname = 0;
+ state->cname = 0;
diff --git a/app-crypt/mit-krb5/files/CVE-2012-1015.patch b/app-crypt/mit-krb5/files/CVE-2012-1015.patch
new file mode 100644
index 000000000000..60f2b38a2ffa
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2012-1015.patch
@@ -0,0 +1,40 @@
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 9d8cb34..d4ece3f 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
+ continue;
+
+ }
+- if (request_contains_enctype(context, request, db_etype)) {
++ if (krb5_is_permitted_enctype(context, db_etype) &&
++ request_contains_enctype(context, request, db_etype)) {
+ retval = _make_etype_info_entry(context, client->princ,
+ client_key, db_etype,
+ &entry[i], etype_info2);
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index a43b291..94dad3a 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+ return 0;
+ pa.magic = KV5M_PA_DATA;
+ pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
++ memset(&checksum, 0, sizeof(checksum));
+ retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+ KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+ if (retval != 0)
+diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
+index c4bf92e..367c894 100644
+--- a/src/lib/kdb/kdb_default.c
++++ b/src/lib/kdb/kdb_default.c
+@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+ krb5_boolean saw_non_permitted = FALSE;
+
+ ret = 0;
++ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
++ return KRB5_KDB_NO_PERMITTED_KEY;
++
+ if (kvno == -1 && stype == -1 && ktype == -1)
+ kvno = 0;
+