52 lines
1.8 KiB
Plaintext
52 lines
1.8 KiB
Plaintext
$NetBSD: patch-CVE-2014-5351,v 1.1 2014/11/25 23:40:49 tez Exp $
|
|
|
|
Patch for CVE-2014-5351 from:
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
|
|
https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
|
|
|
|
|
|
--- lib/kadm5/srv/svr_principal.c.orig 2014-11-25 17:09:26.278975276 -0600
|
|
+++ lib/kadm5/srv/svr_principal.c 2014-11-25 17:11:45.406746599 -0600
|
|
@@ -200,6 +200,20 @@
|
|
*passptr = NULL;
|
|
}
|
|
|
|
+/* Return the number of keys with the newest kvno. Assumes that all key data
|
|
+ * with the newest kvno are at the front of the key data array. */
|
|
+static int
|
|
+count_new_keys(int n_key_data, krb5_key_data *key_data)
|
|
+{
|
|
+ int n;
|
|
+
|
|
+ for (n = 1; n < n_key_data; n++) {
|
|
+ if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
|
|
+ return n;
|
|
+ }
|
|
+ return n_key_data;
|
|
+}
|
|
+
|
|
kadm5_ret_t
|
|
kadm5_create_principal(void *server_handle,
|
|
kadm5_principal_ent_t entry, long mask,
|
|
@@ -1581,7 +1595,7 @@
|
|
osa_princ_ent_rec adb;
|
|
krb5_int32 now;
|
|
kadm5_policy_ent_rec pol;
|
|
- int ret, last_pwd, have_pol = 0;
|
|
+ int ret, last_pwd, n_new_keys, have_pol = 0;
|
|
kadm5_server_handle_t handle = server_handle;
|
|
krb5_keyblock *act_mkey;
|
|
|
|
@@ -1667,8 +1681,9 @@
|
|
kdb->fail_auth_count = 0;
|
|
|
|
if (keyblocks) {
|
|
- ret = decrypt_key_data(handle->context,
|
|
- kdb->n_key_data, kdb->key_data,
|
|
+ /* Return only the new keys added by krb5_dbe_crk. */
|
|
+ n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
|
|
+ ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
|
|
keyblocks, n_keys);
|
|
if (ret)
|
|
goto done;
|