30 lines
1.2 KiB
Plaintext
30 lines
1.2 KiB
Plaintext
$NetBSD: patch-CVE-2014-5353,v 1.1 2015/02/25 22:28:58 tez Exp $
|
|
|
|
Fix for CVE-2014-5353 from:
|
|
https://github.com/krb5/krb5/commit/5fbb56c4624df9e6b0d0a80f46e5ad37eb79c6c0
|
|
|
|
|
|
--- plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.orig 2015-02-25 18:57:47.261119800 +0000
|
|
+++ plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
|
|
@@ -261,9 +261,9 @@ krb5_ldap_get_password_policy_from_dn(kr
|
|
#endif /**************** END IFDEF'ed OUT *******************************/
|
|
|
|
ent=ldap_first_entry(ld, result);
|
|
- if (ent != NULL) {
|
|
- if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
|
|
- goto cleanup;
|
|
+ if (ent == NULL) {
|
|
+ st = KRB5_KDB_NOENTRY;
|
|
+ goto cleanup;
|
|
#if 0 /************** Begin IFDEF'ed OUT *******************************/
|
|
krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
|
|
krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
|
|
@@ -279,6 +279,7 @@ krb5_ldap_get_password_policy_from_dn(kr
|
|
ld);
|
|
#endif /**************** END IFDEF'ed OUT *******************************/
|
|
}
|
|
+ st = populate_policy(context, ld, ent, pol_name, *policy);
|
|
|
|
cleanup:
|
|
ldap_msgfree(result);
|