packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix krb5_cccol_have_content() bad pointer free

Browse Source 
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
This commit is contained in:
xuraoqing 2023-09-19 14:16:14 +08:00
parent cefde919cd
commit 18a39e9ce1
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Fix-krb5_cccol_have_content-bad-pointer-free.patch Normal file
View File

@ -0,0 +1,35 @@
From 635c8cca65b745476d07c1f5ff701445db25c10d Mon Sep 17 00:00:00 2001
From: Ilya Gladyshev <ilya.v.gladyshev@gmail.com>
Date: Wed, 30 Aug 2023 21:19:59 +0100
Subject: [PATCH] Fix krb5_cccol_have_content() bad pointer free
krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop,
and frees the resulting principal on success or failure. Set princ to
null before each call to ensure we don't free a dangling pointer.
[ghudson@mit.edu: rewrote commit message; moved assignment for greater
clarity]
ticket: 9103
tags: pullup
target_version: 1.21-next
target_version: 1.20-next
---
src/lib/krb5/ccache/cccursor.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 4bcb66b71..926873f2a 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context)
save_first_error(context, ret, &errsave);
if (ret || cache == NULL)
break;
+ princ = NULL;
ret = krb5_cc_get_principal(context, cache, &princ);
save_first_error(context, ret, &errsave);
if (!ret)
--
2.33.0

6
krb5.spec
View File

@ -3,7 +3,7 @@
Name: krb5 Name: krb5
Version: 1.21.1 Version: 1.21.1
Release: 1 Release: 3
Summary: The Kerberos network authentication protocol Summary: The Kerberos network authentication protocol
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -27,6 +27,7 @@ Patch3: netlib-and-dns.patch
Patch4: fix-debuginfo-with-y.tab.c.patch Patch4: fix-debuginfo-with-y.tab.c.patch
Patch5: Remove-3des-support.patch Patch5: Remove-3des-support.patch
Patch6: fix-CVE-2023-39975-Fix-double-free-in-KDC-TGS-processing.patch Patch6: fix-CVE-2023-39975-Fix-double-free-in-KDC-TGS-processing.patch
Patch7: Fix-krb5_cccol_have_content-bad-pointer-free.patch
BuildRequires: gettext BuildRequires: gettext
BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -325,6 +326,9 @@ make -C src check || :
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Tue Sep 19 2023 xuraoqing<xuraoqing@huawei.com> - 1.21.1-3
- Fix krb5_cccol_have_content() bad pointer free
* Tue Aug 29 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-2 * Tue Aug 29 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-2
- fix CVE-2023-39975 - fix CVE-2023-39975