tags 574703 + patch tags 575740 + patch thanks Dear maintainer,
I've prepared an NMU for krb5 (versioned as 1.8+dfsg-1.1). The diff is attached to this message. Regards.
diff -u krb5-1.8+dfsg/debian/changelog krb5-1.8+dfsg/debian/changelog --- krb5-1.8+dfsg/debian/changelog +++ krb5-1.8+dfsg/debian/changelog @@ -1,3 +1,13 @@ +krb5 (1.8+dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash) + via an invalid packet that triggers incorrect preparation of an error + token. (Closes: 575740) + * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703) + + -- Giuseppe Iuculano <iucul...@debian.org> Fri, 09 Apr 2010 19:11:50 +0200 + krb5 (1.8+dfsg-1) unstable; urgency=low * New upstream version diff -u krb5-1.8+dfsg/src/slave/kpropd.c krb5-1.8+dfsg/src/slave/kpropd.c --- krb5-1.8+dfsg/src/slave/kpropd.c +++ krb5-1.8+dfsg/src/slave/kpropd.c @@ -265,13 +265,13 @@ } for (res = answers; res != NULL; res = res->ai_next) { + int on = 1; finet = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (finet < 0) { com_err(progname, errno, "while obtaining socket"); exit(1); } - int on = 1; if (setsockopt (finet, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) com_err(progname, errno, diff -u krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c --- krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c +++ krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c @@ -1580,7 +1580,7 @@ spnego_gss_ctx_id_t sc = NULL; spnego_gss_cred_id_t spcred = NULL; OM_uint32 mechstat = GSS_S_FAILURE; - int sendTokenInit = 0; + int sendTokenInit = 0, tmpret; mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; @@ -1613,7 +1613,6 @@ if (delegated_cred_handle != NULL) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; if (input_token->length == 0) { - sendTokenInit = 1; ret = acc_ctx_hints(minor_status, context_handle, spcred, &mic_out, @@ -1621,6 +1620,7 @@ &return_token); if (ret != GSS_S_COMPLETE) goto cleanup; + sendTokenInit = 1; ret = GSS_S_CONTINUE_NEEDED; } else { /* Can set negState to REQUEST_MIC */ @@ -1668,27 +1668,21 @@ &negState, &return_token); } cleanup: - if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { - /* For acceptor-sends-first send a tokenInit */ - int tmpret; - + if (return_token == INIT_TOKEN_SEND && sendTokenInit) { assert(sc != NULL); - - if (sendTokenInit) { - tmpret = make_spnego_tokenInit_msg(sc, - 1, - mic_out, - 0, - GSS_C_NO_BUFFER, - return_token, - output_token); - } else { - tmpret = make_spnego_tokenTarg_msg(negState, - sc ? sc->internal_mech : GSS_C_NO_OID, - &mechtok_out, mic_out, - return_token, - output_token); - } + tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0, + GSS_C_NO_BUFFER, + return_token, output_token); + if (tmpret < 0) + ret = GSS_S_FAILURE; + } else if (return_token != NO_TOKEN_SEND && + return_token != CHECK_MIC) { + tmpret = make_spnego_tokenTarg_msg(negState, + sc ? sc->internal_mech : + GSS_C_NO_OID, + &mechtok_out, mic_out, + return_token, + output_token); if (tmpret < 0) ret = GSS_S_FAILURE; }
signature.asc
Description: Digital signature