diff options
Diffstat (limited to 'app-crypt/mit-krb5/files')
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2012-1014.patch | 21 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2012-1015.patch | 40 |
2 files changed, 61 insertions, 0 deletions
diff --git a/app-crypt/mit-krb5/files/CVE-2012-1014.patch b/app-crypt/mit-krb5/files/CVE-2012-1014.patch new file mode 100644 index 000000000000..c7da7171959f --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2012-1014.patch @@ -0,0 +1,21 @@ +diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c +index 23623fe..8ada9d0 100644 +--- a/src/kdc/do_as_req.c ++++ b/src/kdc/do_as_req.c +@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, + krb5_enctype useenctype; + struct as_req_state *state; + +- state = malloc(sizeof(*state)); ++ state = calloc(sizeof(*state), 1); + if (!state) { + (*respond)(arg, ENOMEM, NULL); + return; +@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, + state->authtime = 0; + state->c_flags = 0; + state->req_pkt = req_pkt; ++ state->inner_body = NULL; + state->rstate = NULL; + state->sname = 0; + state->cname = 0; diff --git a/app-crypt/mit-krb5/files/CVE-2012-1015.patch b/app-crypt/mit-krb5/files/CVE-2012-1015.patch new file mode 100644 index 000000000000..60f2b38a2ffa --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2012-1015.patch @@ -0,0 +1,40 @@ +diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c +index 9d8cb34..d4ece3f 100644 +--- a/src/kdc/kdc_preauth.c ++++ b/src/kdc/kdc_preauth.c +@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, + continue; + + } +- if (request_contains_enctype(context, request, db_etype)) { ++ if (krb5_is_permitted_enctype(context, db_etype) && ++ request_contains_enctype(context, request, db_etype)) { + retval = _make_etype_info_entry(context, client->princ, + client_key, db_etype, + &entry[i], etype_info2); +diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c +index a43b291..94dad3a 100644 +--- a/src/kdc/kdc_util.c ++++ b/src/kdc/kdc_util.c +@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, + return 0; + pa.magic = KV5M_PA_DATA; + pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; ++ memset(&checksum, 0, sizeof(checksum)); + retval = krb5_c_make_checksum(kdc_context,0, reply_key, + KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum); + if (retval != 0) +diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c +index c4bf92e..367c894 100644 +--- a/src/lib/kdb/kdb_default.c ++++ b/src/lib/kdb/kdb_default.c +@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) + krb5_boolean saw_non_permitted = FALSE; + + ret = 0; ++ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype)) ++ return KRB5_KDB_NO_PERMITTED_KEY; ++ + if (kvno == -1 && stype == -1 && ktype == -1) + kvno = 0; + |