samba/CVE-2018-16860.patch

From 43958af1d50f0185e21e6cd74110c455ee8996af Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 30 Jan 2019 23:49:07 +0200
Subject: [PATCH] CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed
 checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
---
 source4/heimdal/kdc/krb5tgs.c      |   7 +
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a888788bb6f..ff7d93138c0 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1925,6 +1925,13 @@ tgs_build_reply(krb5_context context,
 		goto out;
 	    }
 
+	    if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+		free_PA_S4U2Self(&self);
+		kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+		ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+		goto out;
+	    }
+
 	    ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
 	    if (ret)
 		goto out;
Package init 2019-12-25 16:07:00 +08:00			`From 43958af1d50f0185e21e6cd74110c455ee8996af Mon Sep 17 00:00:00 2001`
			`From: Isaac Boukris <iboukris@gmail.com>`
			`Date: Wed, 30 Jan 2019 23:49:07 +0200`
			`Subject: [PATCH] CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed`
			`checksum`

			`BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685`

			`Signed-off-by: Isaac Boukris <iboukris@gmail.com>`
			`Reviewed-by: Andrew Bartlett <abartlet@samba.org>`
			`Signed-off-by: Andrew Bartlett <abartlet@samba.org>`

			`Autobuild-User(master): Karolin Seeger <kseeger@samba.org>`
			`Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184`
			`---`
			`source4/heimdal/kdc/krb5tgs.c \| 7 +`
			`1 files changed, 7 insertions(+), 0 deletions(-)`

			`diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c`
			`index a888788bb6f..ff7d93138c0 100644`
			`--- a/source4/heimdal/kdc/krb5tgs.c`
			`+++ b/source4/heimdal/kdc/krb5tgs.c`
			`@@ -1925,6 +1925,13 @@ tgs_build_reply(krb5_context context,`
			`goto out;`
			`}`

			`+ if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {`
			`+ free_PA_S4U2Self(&self);`
			`+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");`
			`+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;`
			`+ goto out;`
			`+ }`
			`+`
			`ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);`
			`if (ret)`
			`goto out;`