-
Notifications
You must be signed in to change notification settings - Fork 535
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
heimdal: Add backported patch for fixing CVE-2022-3116 (#10588)
Signed-off-by: ankita <[email protected]> Co-authored-by: ankita <[email protected]>
- Loading branch information
1 parent
268b018
commit 3832409
Showing
2 changed files
with
57 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| From 2584657af19b706fe49225cc9227bbfded0ee704 Mon Sep 17 00:00:00 2001 | ||
| From: ankita <[email protected]> | ||
| Date: Tue, 1 Oct 2024 16:05:50 +0530 | ||
| Subject: [PATCH] heimdal: Fix NULL deref in spnego for fixing CVE-2022-3116 | ||
|
|
||
| Signed-off-by: ankita <[email protected]> | ||
| --- | ||
| lib/gssapi/spnego/accept_sec_context.c | 28 +++++++++++++------------- | ||
| 1 file changed, 14 insertions(+), 14 deletions(-) | ||
|
|
||
| diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c | ||
| index 5fe1a1a..4920664 100644 | ||
| --- a/lib/gssapi/spnego/accept_sec_context.c | ||
| +++ b/lib/gssapi/spnego/accept_sec_context.c | ||
| @@ -605,20 +605,20 @@ acceptor_start | ||
| * If opportunistic token failed, lets try the other mechs. | ||
| */ | ||
|
|
||
| - if (!first_ok && ni->mechToken != NULL) { | ||
| - size_t j; | ||
| - | ||
| - preferred_mech_type = GSS_C_NO_OID; | ||
| - | ||
| - /* Call glue layer to find first mech we support */ | ||
| - for (j = 1; j < ni->mechTypes.len; ++j) { | ||
| - ret = select_mech(minor_status, | ||
| - &ni->mechTypes.val[j], | ||
| - 1, | ||
| - &preferred_mech_type); | ||
| - if (ret == 0) | ||
| - break; | ||
| - } | ||
| + if (!first_ok) { | ||
| + size_t j; | ||
| + | ||
| + preferred_mech_type = GSS_C_NO_OID; | ||
| + | ||
| + /* Call glue layer to find first mech we support */ | ||
| + for (j = 1; j < ni->mechTypes.len; ++j) { | ||
| + ret = select_mech(minor_status, | ||
| + &ni->mechTypes.val[j], | ||
| + 1, | ||
| + &preferred_mech_type); | ||
| + if (ret == 0) | ||
| + break; | ||
| + } | ||
| } | ||
|
|
||
| ctx->preferred_mech_type = preferred_mech_type; | ||
| -- | ||
| 2.34.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ | |
| Summary: A Kerberos 5 implementation without export restrictions | ||
| Name: heimdal | ||
| Version: 7.7.1 | ||
| Release: 3%{?dist} | ||
| Release: 4%{?dist} | ||
| License: BSD AND MIT | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -45,6 +45,7 @@ Patch4: CVE-2022-42898.patch | |
| Patch5: 0001-lib-krb5-krb5_pac_parse-mem-leak-if-pac_header_size-.patch | ||
| Patch6: 0002-kdc-Check-generate_pac-return-code.patch | ||
| Patch7: 0003-kdc-avoid-re-encoding-KDC-REQ-BODY.patch | ||
| Patch8: CVE-2022-3116.patch | ||
| BuildRequires: bison | ||
| #libcom_err-devel is in | ||
| #BuildRequires: libcom_err-devel | ||
|
|
@@ -487,6 +488,9 @@ fi | |
| %{_sysconfdir}/profile.d/%{name}.csh | ||
|
|
||
| %changelog | ||
| * Tue Oct 01 2024 Ankita Pareek <[email protected]> - 7.7.1-4 | ||
| - Add backported patch for CVE-2022-3116 | ||
|
|
||
| * Thu Aug 24 2023 Muhammad Falak R Wani <[email protected]> - 7.7.1-3 | ||
| - Address CVE-2022-42898 | ||
| - Introduce 3 more patches that fix bugs: https://github.com/heimdal/heimdal/issues/1011 | ||
|
|
||