Date: Sunday, April 17, 2011 @ 21:43:38 Author: stephane Revision: 119986
kadmind invalid pointer free() (CVE-2011-0285)

Added:
  krb5/trunk/CVE-2011-0285.patch
Modified:
  krb5/trunk/PKGBUILD

---------------------+
 CVE-2011-0285.patch |   39 +++++++++++++++++++++++++++++++++++++++
 PKGBUILD            |   11 +++++++----
 2 files changed, 46 insertions(+), 4 deletions(-)

Added: CVE-2011-0285.patch
===================================================================
--- CVE-2011-0285.patch	(rev 0)
+++ CVE-2011-0285.patch	2011-04-18 01:43:38 UTC (rev 119986)
@@ -0,0 +1,39 @@
+diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
+index 1124445..0056885 100644
+--- a/src/kadmin/server/schpw.c
++++ b/src/kadmin/server/schpw.c
+@@ -52,6 +52,7 @@ process_chpw_request(context, server_handle, realm, keytab,
+ 
+     ret = 0;
+     rep->length = 0;
++    rep->data = NULL;
+ 
+     auth_context = NULL;
+     changepw = NULL;
+@@ -76,8 +77,13 @@ process_chpw_request(context, server_handle, realm, keytab,
+     plen = (*ptr++ & 0xff);
+     plen = (plen<<8) | (*ptr++ & 0xff);
+ 
+-    if (plen != req->length)
+-        return(KRB5KRB_AP_ERR_MODIFIED);
++    if (plen != req->length) {
++        ret = KRB5KRB_AP_ERR_MODIFIED;
++        numresult = KRB5_KPASSWD_MALFORMED;
++        strlcpy(strresult, "Request length was inconsistent",
++                sizeof(strresult));
++        goto chpwfail;
++    }
+ 
+     /* verify version number */
+ 
+@@ -531,6 +537,10 @@ cleanup:
+     if (local_kaddrs != NULL)
+         krb5_free_addresses(server_handle->context, local_kaddrs);
+ 
++    if ((*response)->data == NULL) {
++        free(*response);
++        *response = NULL;
++    }
+     krb5_kt_close(server_handle->context, kt);
+ 
+     return ret;

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2011-04-18 00:06:53 UTC (rev 119985)
+++ PKGBUILD	2011-04-18 01:43:38 UTC (rev 119986)
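Review bot: The new check at `cleanup:` in the third hunk of the embedded patch, `if ((*response)->data == NULL)`, dereferences `*response` on every path that reaches the label; if any earlier error path can jump there before `*response` has been allocated (the allocation site is outside the hunk), this is a NULL dereference rather than the intended release of a partially built reply. A guard of the form `if (*response != NULL && (*response)->data == NULL)` keeps the cleanup safe however the label is reached. process_chpw_request begins and ends outside the hunks, and since this file is the upstream fix carried verbatim, the guard belongs upstream rather than in the packaging copy.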
@@ -19,13 +19,15 @@
         krb5-kdc.rc
         CVE-2010-4022.patch
         CVE-2011-0281.0282.0283.patch
-        CVE-2011-0284.patch)
+        CVE-2011-0284.patch
+        CVE-2011-0285.patch)
 sha1sums=('a7ad1b4ed37bff4b9087f6c4561b2b222208d779'
           '640e3046c6558313d2be81cf2252afc8622892b0'
           '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
           '79ece8b1c140deb2c01bfb64af575636b9bc7704'
           'fb2486168ce128cb1a2866bd0df8cd7c4bcd7824'
-          '1c72390c5d629eee592e5cb0c2b600b376e2fdc5')
+          '1c72390c5d629eee592e5cb0c2b600b376e2fdc5'
+          'b6ae716616ecd5e92f32ec8203a1ab51b5726184')
 options=('!emptydirs')
 
 build() {
@@ -35,6 +37,7 @@
   patch -Np2 -i ../../CVE-2010-4022.patch
   patch -Np2 -i ../../CVE-2011-0281.0282.0283.patch
   patch -Np2 -i ../../CVE-2011-0284.patch
+  patch -Np2 -i ../../CVE-2011-0285.patch
 
   export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
   export CPPFLAGS+=" -I/usr/include/et"
@@ -59,8 +62,8 @@
   install -D -m 644 config-files/kdc.conf "${pkgdir}"/etc/krb5/kdc.conf
   install -D -m 644 config-files/krb5.conf "${pkgdir}"/etc/krb5/krb5.conf
 
-  install -D -m 755 ../../krb5-kdc.rc "${startdir}"/pkg/etc/rc.d
-  install -D -m 755 ../../kadmind.rc "${startdir}"/pkg/etc/rc.d
+  install -D -m 755 ../../krb5-kdc.rc "${pkgdir}"/etc/rc.d
+  install -D -m 755 ../../kadmind.rc "${pkgdir}"/etc/rc.d
 
   install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
 }
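Review bot: In the third hunk (`@@ -59,8 +62,8 @@`) both rewritten install lines pass `"${pkgdir}"/etc/rc.d` as the destination of `install -D`, which treats its last argument as a file name unless that path already exists as a directory: the first command would write krb5-kdc.rc to a regular file named `etc/rc.d`, and the second would overwrite it with kadmind.rc, so neither rc script is installed under its own name. Unless the directory is created earlier in the function (outside this hunk), give each command a full destination path, e.g. `install -D -m 755 ../../krb5-kdc.rc "${pkgdir}"/etc/rc.d/krb5-kdc` and `install -D -m 755 ../../kadmind.rc "${pkgdir}"/etc/rc.d/kadmind` (the target script names here are a placeholder choice). The enclosing function starts outside the hunk.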