svn commit: r320911 - in releng/11.0: . crypto/heimdal/lib/krb5 sys/conf

Wed, 12 Jul 2017 01:08:18 -0700 

Author: delphij
Date: Wed Jul 12 08:07:36 2017
New Revision: 320911
URL: https://svnweb.freebsd.org/changeset/base/320911

Log:
  Fix heimdal KDC-REP service name validation vulnerability [SA-17:05]
  
  Approved by:  so

Modified:
  releng/11.0/UPDATING
  releng/11.0/crypto/heimdal/lib/krb5/ticket.c
  releng/11.0/sys/conf/newvers.sh

Modified: releng/11.0/UPDATING
==============================================================================
--- releng/11.0/UPDATING        Wed Jul 12 08:07:16 2017        (r320910)
+++ releng/11.0/UPDATING        Wed Jul 12 08:07:36 2017        (r320911)
@@ -16,7 +16,11 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
-20170427        p10     FreeBSD-SA-17:04.ipfilter
+20170712       p11     FreeBSD-SA-17:05.heimdal
+
+       Fix heimdal KDC-REP service name validation vulnerability.
+
+20170427       p10     FreeBSD-SA-17:04.ipfilter
 
        Fix ipfilter(4) fragment handling panic. [SA-17:04]
 

Modified: releng/11.0/crypto/heimdal/lib/krb5/ticket.c
==============================================================================
--- releng/11.0/crypto/heimdal/lib/krb5/ticket.c        Wed Jul 12 08:07:16 
2017        (r320910)
+++ releng/11.0/crypto/heimdal/lib/krb5/ticket.c        Wed Jul 12 08:07:36 
2017        (r320911)
@@ -713,8 +713,8 @@ _krb5_extract_ticket(krb5_context context,
     /* check server referral and save principal */
     ret = _krb5_principalname2krb5_principal (context,
                                              &tmp_principal,
-                                             rep->kdc_rep.ticket.sname,
-                                             rep->kdc_rep.ticket.realm);
+                                             rep->enc_part.sname,
+                                             rep->enc_part.srealm);
     if (ret)
        goto out;
     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){

Modified: releng/11.0/sys/conf/newvers.sh
==============================================================================
--- releng/11.0/sys/conf/newvers.sh     Wed Jul 12 08:07:16 2017        
(r320910)
+++ releng/11.0/sys/conf/newvers.sh     Wed Jul 12 08:07:36 2017        
(r320911)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.0"
-BRANCH="RELEASE-p10"
+BRANCH="RELEASE-p11"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to