54 lines
1.9 KiB
Plaintext
54 lines
1.9 KiB
Plaintext
$NetBSD: patch-CVE-2014-5355,v 1.1 2015/02/25 22:28:58 tez Exp $
|
|
|
|
Patch for CVE-2014-5355 from:
|
|
https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
|
|
|
|
|
|
--- ./appl/user_user/server.c.orig 2015-02-25 21:22:16.608302700 +0000
|
|
+++ ./appl/user_user/server.c
|
|
@@ -113,8 +113,10 @@ int main(argc, argv)
|
|
}
|
|
#endif
|
|
|
|
+ /* principal name must be sent null-terminated. */
|
|
retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
|
|
- if (retval) {
|
|
+ if (retval || pname_data.length == 0 ||
|
|
+ pname_data.data[pname_data.length - 1] != '\0') {
|
|
com_err ("uu-server", retval, "reading pname");
|
|
return 2;
|
|
}
|
|
|
|
--- ./lib/krb5/krb/recvauth.c.orig 2015-02-25 21:24:52.754211700 +0000
|
|
+++ ./lib/krb5/krb/recvauth.c
|
|
@@ -59,6 +59,7 @@ recvauth_common(krb5_context context,
|
|
krb5_rcache rcache = 0;
|
|
krb5_octet response;
|
|
krb5_data null_server;
|
|
+ krb5_data d;
|
|
int need_error_free = 0;
|
|
int local_rcache = 0, local_authcon = 0;
|
|
|
|
@@ -77,7 +78,8 @@ recvauth_common(krb5_context context,
|
|
*/
|
|
if ((retval = krb5_read_message(context, fd, &inbuf)))
|
|
return(retval);
|
|
- if (strcmp(inbuf.data, sendauth_version)) {
|
|
+ d = make_data((char *)sendauth_version, strlen(sendauth_version) + 1);
|
|
+ if (!data_eq(inbuf, d)) {
|
|
problem = KRB5_SENDAUTH_BADAUTHVERS;
|
|
response = 1;
|
|
}
|
|
@@ -93,8 +95,9 @@ recvauth_common(krb5_context context,
|
|
*/
|
|
if ((retval = krb5_read_message(context, fd, &inbuf)))
|
|
return(retval);
|
|
- if (appl_version && strcmp(inbuf.data, appl_version)) {
|
|
- if (!problem) {
|
|
+ if (appl_version != NULL && !problem) {
|
|
+ d = make_data(appl_version, strlen(appl_version) + 1);
|
|
+ if (!data_eq(inbuf, d)) {
|
|
problem = KRB5_SENDAUTH_BADAPPLVERS;
|
|
response = 2;
|
|
}
|