libgsasl/CVE-2022-2469.patch

From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 15 Jul 2022 16:23:58 +0200
Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).

Origin: 
https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30
---
 gssapi/server.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gssapi/server.c b/gssapi/server.c
index 4a5dfd7..a93e454 100644
--- a/gssapi/server.c
+++ b/gssapi/server.c
@@ -225,6 +225,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
          FALSE, and responds with the generated output_message.  The
          client can then consider the server authenticated. */
 
+      if (bufdesc2.length < 4)
+	return GSASL_AUTHENTICATION_ERROR;
+
       if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)
 	{
 	  /* Integrity or privacy unsupported */
-- 
2.33.0
Fix CVE-2022-2469 (cherry picked from commit 36de747bf933c5ea53f093fded18f145324cbee9) 2024-03-27 09:51:36 +08:00			`From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001`
			`From: Simon Josefsson <simon@josefsson.org>`
			`Date: Fri, 15 Jul 2022 16:23:58 +0200`
			`Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).`

			`Origin:`
			`https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30`
			`---`
			`gssapi/server.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/gssapi/server.c b/gssapi/server.c`
			`index 4a5dfd7..a93e454 100644`
			`--- a/gssapi/server.c`
			`+++ b/gssapi/server.c`
			`@@ -225,6 +225,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,`
			`FALSE, and responds with the generated output_message. The`
			`client can then consider the server authenticated. */`

			`+ if (bufdesc2.length < 4)`
			`+ return GSASL_AUTHENTICATION_ERROR;`
			`+`
			`if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)`
			`{`
			`/* Integrity or privacy unsupported */`
			`--`
			`2.33.0`