packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!183 [sync] PR-179: 回合社区补丁

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-11-01 08:45:24 +00:00 committed by Gitee
commit 7681099d1f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backport-Fix-memory-leak-in-PAC-checksum-verification.patch Normal file
View File

@ -0,0 +1,39 @@
From c03ac354436a7182962b4987d318a86cb7ac558b Mon Sep 17 00:00:00 2001
From: Arjun <pkillarjun@protonmail.com>
Date: Fri, 11 Oct 2024 00:55:59 +0530
Subject: [PATCH] Fix memory leak in PAC checksum verification
If the server checksum length is invalid, do proper cleanup in
verify_pac_checksums() before returning.
[ghudson@mit.edu: edited commit message]
ticket: 9143 (new)
tags: pullup
target_version: 1.21-next
---
src/lib/krb5/krb/pac.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 5d1fdf1..77adcd2 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,
ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
&server_checksum);
if (ret)
- return ret;
- if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ goto cleanup;
+ if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
--
2.27.0

6
krb5.spec
View File

@ -3,7 +3,7 @@
Name: krb5
Version: 1.21.2
Release: 8
Release: 9
Summary: The Kerberos network authentication protocol
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -38,6 +38,7 @@ Patch14: backport-Fix-Python-regexp-literals.patch
Patch15: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch
Patch16: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch17: backport-Change-krb5_get_credentials-endtime-behavior.patch
Patch18: backport-Fix-memory-leak-in-PAC-checksum-verification.patch
BuildRequires: gettext
BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -336,6 +337,9 @@ make -C src check || :
%{_mandir}/man8/*
%changelog
* Sun Oct 27 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 1.21.2-9
- Fix memory leak in PAC checksum verification
* Tue Jul 23 2024 zhangxingrong <zhangxingrong@uniontech.cn> - 1.21.2-8
- Change krb5_get_credentials() endtime behavior