diff options
author | cy <cy@FreeBSD.org> | 2004-09-02 03:55:26 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2004-09-02 03:55:26 +0800 |
commit | 62a669d1edb0687a75c7a1504cb239afbb4543ca (patch) | |
tree | b01801885178bc55e3e5c5201f2d1a2463b03ffa | |
parent | fd60c164668a5f5bb67f4870cbe38531c8bafc6d (diff) | |
download | freebsd-ports-gnome-62a669d1edb0687a75c7a1504cb239afbb4543ca.tar.gz freebsd-ports-gnome-62a669d1edb0687a75c7a1504cb239afbb4543ca.tar.zst freebsd-ports-gnome-62a669d1edb0687a75c7a1504cb239afbb4543ca.zip |
Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilities
in KDC and libraries
Heads-up by: nectar
-rw-r--r-- | security/krb5-16/Makefile | 2 | ||||
-rw-r--r-- | security/krb5-16/files/patch-lib::krb5::krb::rd_rep.c | 11 | ||||
-rw-r--r-- | security/krb5-16/files/patch-lib::krb5::krb::send_tgs.c | 20 | ||||
-rw-r--r-- | security/krb5-17/Makefile | 2 | ||||
-rw-r--r-- | security/krb5-17/files/patch-lib::krb5::krb::rd_rep.c | 11 | ||||
-rw-r--r-- | security/krb5-17/files/patch-lib::krb5::krb::send_tgs.c | 20 | ||||
-rw-r--r-- | security/krb5-appl/Makefile | 2 | ||||
-rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::krb::rd_rep.c | 11 | ||||
-rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::krb::send_tgs.c | 20 | ||||
-rw-r--r-- | security/krb5/Makefile | 2 | ||||
-rw-r--r-- | security/krb5/files/patch-lib::krb5::krb::rd_rep.c | 11 | ||||
-rw-r--r-- | security/krb5/files/patch-lib::krb5::krb::send_tgs.c | 20 |
12 files changed, 128 insertions, 4 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile index 0e590c1b344a..661421f59e83 100644 --- a/security/krb5-16/Makefile +++ b/security/krb5-16/Makefile @@ -7,7 +7,7 @@ PORTNAME= krb5 PORTVERSION= 1.3.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security # USE_TARBALL tells the port that the user has fetched the source # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). diff --git a/security/krb5-16/files/patch-lib::krb5::krb::rd_rep.c b/security/krb5-16/files/patch-lib::krb5::krb::rd_rep.c new file mode 100644 index 000000000000..0772c869f063 --- /dev/null +++ b/security/krb5-16/files/patch-lib::krb5::krb::rd_rep.c @@ -0,0 +1,11 @@ +--- lib/krb5/krb/rd_rep.c.orig Fri Jun 13 17:09:47 2003 ++++ lib/krb5/krb/rd_rep.c Wed Sep 1 11:46:52 2004 +@@ -71,6 +71,8 @@ + + /* now decode the decrypted stuff */ + retval = decode_krb5_ap_rep_enc_part(&scratch, repl); ++ if (retval) ++ goto clean_scratch; + + /* Check reply fields */ + if (((*repl)->ctime != auth_context->authentp->ctime) || diff --git a/security/krb5-16/files/patch-lib::krb5::krb::send_tgs.c b/security/krb5-16/files/patch-lib::krb5::krb::send_tgs.c new file mode 100644 index 000000000000..07b494ffd93e --- /dev/null +++ b/security/krb5-16/files/patch-lib::krb5::krb::send_tgs.c @@ -0,0 +1,20 @@ +--- lib/krb5/krb/send_tgs.c.orig Thu May 13 12:27:59 2004 ++++ lib/krb5/krb/send_tgs.c Wed Sep 1 11:46:52 2004 +@@ -269,6 +269,8 @@ + if (!tcp_only) { + krb5_error *err_reply; + retval = decode_krb5_error(&rep->response, &err_reply); ++ if (retval) ++ goto send_tgs_error_3; + if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) { + tcp_only = 1; + krb5_free_error(context, err_reply); +@@ -277,6 +279,8 @@ + goto send_again; + } + krb5_free_error(context, err_reply); ++ send_tgs_error_3: ++ ; + } + rep->message_type = KRB5_ERROR; + } else if (krb5_is_tgs_rep(&rep->response)) diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile index 0e590c1b344a..661421f59e83 100644 --- a/security/krb5-17/Makefile +++ b/security/krb5-17/Makefile @@ -7,7 +7,7 @@ PORTNAME= krb5 PORTVERSION= 1.3.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security # USE_TARBALL tells the port that the user has fetched the source # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). diff --git a/security/krb5-17/files/patch-lib::krb5::krb::rd_rep.c b/security/krb5-17/files/patch-lib::krb5::krb::rd_rep.c new file mode 100644 index 000000000000..0772c869f063 --- /dev/null +++ b/security/krb5-17/files/patch-lib::krb5::krb::rd_rep.c @@ -0,0 +1,11 @@ +--- lib/krb5/krb/rd_rep.c.orig Fri Jun 13 17:09:47 2003 ++++ lib/krb5/krb/rd_rep.c Wed Sep 1 11:46:52 2004 +@@ -71,6 +71,8 @@ + + /* now decode the decrypted stuff */ + retval = decode_krb5_ap_rep_enc_part(&scratch, repl); ++ if (retval) ++ goto clean_scratch; + + /* Check reply fields */ + if (((*repl)->ctime != auth_context->authentp->ctime) || diff --git a/security/krb5-17/files/patch-lib::krb5::krb::send_tgs.c b/security/krb5-17/files/patch-lib::krb5::krb::send_tgs.c new file mode 100644 index 000000000000..07b494ffd93e --- /dev/null +++ b/security/krb5-17/files/patch-lib::krb5::krb::send_tgs.c @@ -0,0 +1,20 @@ +--- lib/krb5/krb/send_tgs.c.orig Thu May 13 12:27:59 2004 ++++ lib/krb5/krb/send_tgs.c Wed Sep 1 11:46:52 2004 +@@ -269,6 +269,8 @@ + if (!tcp_only) { + krb5_error *err_reply; + retval = decode_krb5_error(&rep->response, &err_reply); ++ if (retval) ++ goto send_tgs_error_3; + if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) { + tcp_only = 1; + krb5_free_error(context, err_reply); +@@ -277,6 +279,8 @@ + goto send_again; + } + krb5_free_error(context, err_reply); ++ send_tgs_error_3: ++ ; + } + rep->message_type = KRB5_ERROR; + } else if (krb5_is_tgs_rep(&rep->response)) diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile index 0e590c1b344a..661421f59e83 100644 --- a/security/krb5-appl/Makefile +++ b/security/krb5-appl/Makefile @@ -7,7 +7,7 @@ PORTNAME= krb5 PORTVERSION= 1.3.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security # USE_TARBALL tells the port that the user has fetched the source # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). diff --git a/security/krb5-appl/files/patch-lib::krb5::krb::rd_rep.c b/security/krb5-appl/files/patch-lib::krb5::krb::rd_rep.c new file mode 100644 index 000000000000..0772c869f063 --- /dev/null +++ b/security/krb5-appl/files/patch-lib::krb5::krb::rd_rep.c @@ -0,0 +1,11 @@ +--- lib/krb5/krb/rd_rep.c.orig Fri Jun 13 17:09:47 2003 ++++ lib/krb5/krb/rd_rep.c Wed Sep 1 11:46:52 2004 +@@ -71,6 +71,8 @@ + + /* now decode the decrypted stuff */ + retval = decode_krb5_ap_rep_enc_part(&scratch, repl); ++ if (retval) ++ goto clean_scratch; + + /* Check reply fields */ + if (((*repl)->ctime != auth_context->authentp->ctime) || diff --git a/security/krb5-appl/files/patch-lib::krb5::krb::send_tgs.c b/security/krb5-appl/files/patch-lib::krb5::krb::send_tgs.c new file mode 100644 index 000000000000..07b494ffd93e --- /dev/null +++ b/security/krb5-appl/files/patch-lib::krb5::krb::send_tgs.c @@ -0,0 +1,20 @@ +--- lib/krb5/krb/send_tgs.c.orig Thu May 13 12:27:59 2004 ++++ lib/krb5/krb/send_tgs.c Wed Sep 1 11:46:52 2004 +@@ -269,6 +269,8 @@ + if (!tcp_only) { + krb5_error *err_reply; + retval = decode_krb5_error(&rep->response, &err_reply); ++ if (retval) ++ goto send_tgs_error_3; + if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) { + tcp_only = 1; + krb5_free_error(context, err_reply); +@@ -277,6 +279,8 @@ + goto send_again; + } + krb5_free_error(context, err_reply); ++ send_tgs_error_3: ++ ; + } + rep->message_type = KRB5_ERROR; + } else if (krb5_is_tgs_rep(&rep->response)) diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 0e590c1b344a..661421f59e83 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -7,7 +7,7 @@ PORTNAME= krb5 PORTVERSION= 1.3.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security # USE_TARBALL tells the port that the user has fetched the source # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). diff --git a/security/krb5/files/patch-lib::krb5::krb::rd_rep.c b/security/krb5/files/patch-lib::krb5::krb::rd_rep.c new file mode 100644 index 000000000000..0772c869f063 --- /dev/null +++ b/security/krb5/files/patch-lib::krb5::krb::rd_rep.c @@ -0,0 +1,11 @@ +--- lib/krb5/krb/rd_rep.c.orig Fri Jun 13 17:09:47 2003 ++++ lib/krb5/krb/rd_rep.c Wed Sep 1 11:46:52 2004 +@@ -71,6 +71,8 @@ + + /* now decode the decrypted stuff */ + retval = decode_krb5_ap_rep_enc_part(&scratch, repl); ++ if (retval) ++ goto clean_scratch; + + /* Check reply fields */ + if (((*repl)->ctime != auth_context->authentp->ctime) || diff --git a/security/krb5/files/patch-lib::krb5::krb::send_tgs.c b/security/krb5/files/patch-lib::krb5::krb::send_tgs.c new file mode 100644 index 000000000000..07b494ffd93e --- /dev/null +++ b/security/krb5/files/patch-lib::krb5::krb::send_tgs.c @@ -0,0 +1,20 @@ +--- lib/krb5/krb/send_tgs.c.orig Thu May 13 12:27:59 2004 ++++ lib/krb5/krb/send_tgs.c Wed Sep 1 11:46:52 2004 +@@ -269,6 +269,8 @@ + if (!tcp_only) { + krb5_error *err_reply; + retval = decode_krb5_error(&rep->response, &err_reply); ++ if (retval) ++ goto send_tgs_error_3; + if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) { + tcp_only = 1; + krb5_free_error(context, err_reply); +@@ -277,6 +279,8 @@ + goto send_again; + } + krb5_free_error(context, err_reply); ++ send_tgs_error_3: ++ ; + } + rep->message_type = KRB5_ERROR; + } else if (krb5_is_tgs_rep(&rep->response)) |