summary refs log tree commit diff
path: root/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/mit-krb5-CVE-2015-8630.patch')
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8630.patch81
1 files changed, 0 insertions, 81 deletions
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
deleted file mode 100644
index c21d84b1e7..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
-
-From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 12:52:28 -0500
-Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
-
-In kadm5_create_principal_3() and kadm5_modify_principal(), check for
-entry->policy being null when KADM5_POLICY is included in the mask.
-
-CVE-2015-8630:
-
-In MIT krb5 1.12 and later, an authenticated attacker with permission
-to modify a principal entry can cause kadmind to dereference a null
-pointer by supplying a null policy value but including KADM5_POLICY in
-the mask.
-
-    CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8342 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 5b95fa3..1d4365c 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
-     /*
-      * Argument sanity checking, and opening up the DB
-      */
-+    if (entry == NULL)
-+        return EINVAL;
-     if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
-        (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
-        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
-         return KADM5_BAD_MASK;
-     if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
-         return KADM5_BAD_MASK;
-+    if((mask & KADM5_POLICY) && entry->policy == NULL)
-+        return KADM5_BAD_MASK;
-     if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-         return KADM5_BAD_MASK;
-     if((mask & ~ALL_PRINC_MASK))
-         return KADM5_BAD_MASK;
--    if (entry == NULL)
--        return EINVAL;
- 
-     /*
-      * Check to see if the principal exists
-@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
- 
-     krb5_clear_error_message(handle->context);
- 
-+    if(entry == NULL)
-+        return EINVAL;
-     if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
-        (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
-        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
-         return KADM5_BAD_MASK;
-     if((mask & ~ALL_PRINC_MASK))
-         return KADM5_BAD_MASK;
-+    if((mask & KADM5_POLICY) && entry->policy == NULL)
-+        return KADM5_BAD_MASK;
-     if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-         return KADM5_BAD_MASK;
--    if(entry == (kadm5_principal_ent_t) NULL)
--        return EINVAL;
-     if (mask & KADM5_TL_DATA) {
-         tl_data_orig = entry->tl_data;
-         while (tl_data_orig) {
--- 
-2.7.0.rc3
-