authorMark H Weaver <mhw@netris.org>2015-11-08 23:05:11 -0500
committerMark H Weaver <mhw@netris.org>2015-11-13 12:42:47 -0500
commitff45a00e798350676ca7a4cf1cac349cc0b4c1f6 (patch)
tree516c980bab196807f9e1dc97a88db273796a62d4 /gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
parent4d53c29e6ca0fb432e92c298f9537c688fbbc10e (diff)
gnu: mit-krb5: Add fixes for CVE-2015-{2695,2696,2697,2698}.
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2696.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2697.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/mit-krb5.scm (mit-krb5)[native-inputs]: Add patches.
Diffstat (limited to 'gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch')
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch b/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
new file mode 100644
index 0000000000..aa9fcfa0dd
--- /dev/null
+++ b/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
@@ -0,0 +1,65 @@
+Copied from Debian.
+
+From 18c512ebdcc5cacc777e9dbcc6817f83c301ad93 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Wed, 4 Nov 2015 21:29:10 -0500
+Subject: Fix SPNEGO context import
+
+The patches for CVE-2015-2695 did not implement a SPNEGO
+gss_import_sec_context() function, under the erroneous belief than an
+exported SPNEGO context would be tagged with the underlying context
+mechanism.  Implement it now to allow SPNEGO contexts to be
+successfully exported and imported after establishment.
+
+ticket: 8273
+(cherry picked from commit fbb565f913c52eba9bea82f1694aba7a8c90e93d)
+
+Patch-Category: upstream
+---
+ src/lib/gssapi/spnego/spnego_mech.c | 33 +++++++++++++++++++++++++++------
+ 1 file changed, 27 insertions(+), 6 deletions(-)
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index a1072b0..02284a1 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -2256,12 +2256,33 @@ spnego_gss_import_sec_context(
+ 	const gss_buffer_t	interprocess_token,
+ 	gss_ctx_id_t		*context_handle)
+ {
+-	/*
+-	 * Until we implement partial context exports, there are no SPNEGO
+-	 * exported context tokens, only tokens for underlying mechs.  So just
+-	 * return an error for now.
+-	 */
+-	return GSS_S_UNAVAILABLE;
++	OM_uint32 ret, tmpmin;
++	gss_ctx_id_t mctx;
++	spnego_gss_ctx_id_t sc;
++	int initiate, opened;
++
++	ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
++	if (ret != GSS_S_COMPLETE)
++		return ret;
++
++	ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
++				  &initiate, &opened);
++	if (ret != GSS_S_COMPLETE || !opened) {
++		/* We don't currently support importing partially established
++		 * contexts. */
++		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
++		return GSS_S_FAILURE;
++	}
++
++	sc = create_spnego_ctx(initiate);
++	if (sc == NULL) {
++		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
++		return GSS_S_FAILURE;
++	}
++	sc->ctx_handle = mctx;
++	sc->opened = 1;
++	*context_handle = (gss_ctx_id_t)sc;
++	return GSS_S_COMPLETE;
+ }
+ #endif /* LEAN_CLIENT */
+
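Review bot: The two failure paths after the mechglue import return `GSS_S_FAILURE` without updating `*minor_status`, so the caller sees whatever minor code the successful `gss_import_sec_context()` call left there; the code from `gss_inquire_context()` lands in `tmpmin` and is then overwritten by `gss_delete_sec_context()`. For the `create_spnego_ctx()` failure, which is presumably an allocation failure, adding `*minor_status = ENOMEM;` before the return would make the cause visible; for the partially established case a comment such as `/* minor_status is left as set by the import; no mechanism-specific code applies */` would at least record the choice. A short comment above `sc->ctx_handle = mctx;` saying that ownership of the imported context passes to `sc` on success would also help, since every earlier exit deletes it. The function's signature begins outside the hunk, and because this is a verbatim upstream cherry-pick, any such change belongs upstream rather than in this copy.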