From nobody Mon Dec 5 20:09:19 2022 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NQvlM4WS9z4jP4H; Mon, 5 Dec 2022 20:09:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NQvlM46RVz3k8y; Mon, 5 Dec 2022 20:09:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1670270959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Qbgxlb5TLHM+/DNz4krqF+q7iJKwkdWZx1RzAp36oKY=; b=PVIBkBeUNY5otmY5FRB+PKVYxm+QTg4KSd6LDGBdaAil7VLpH5NWkKAcDKXrHrdwJ3tNb2 mW4kaJc7W5FT76KpHYrq4L55kmKSwZXUNWU983JWsy8DTAnfsl7/a+FUDTcTOLPbbR9sbs DbZJYzSbmxenoquu+cpPVmveMXSNW4lZ3fC2cSX2HQLUrpk03w9MMYxtS/FtXDpvTv3Gm1 IGlbjDauSGtjmxw5kSkvFlh7Z7QhZtWWLDxHUv7sL2ndS3E0RpLmSLSGaMOR4h3gF0o7Q5 OR3/34Iz+ZZ+rSVEU3BV5S5xyXiNzbavfg8ActoQcZ/Ra5JViOu41Y680uV80g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1670270959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Qbgxlb5TLHM+/DNz4krqF+q7iJKwkdWZx1RzAp36oKY=; b=BJzttE64UZZjpex9PGHxqKowC0wGdQuaOhW1hr/dffP7VMB6M7wM1D5zXAHbWn7VQCKjIs 4YTiePm2gB07RlGjVWUF8CMwsvG3Bp5RzgkYDWJ/KKg1uZpJsWGjsw8rTiqNSF7Qsb3Loj txMjS9GIZyLGuJ4yRb8Sa+FQ9rzUk1S98EEVYxY0m+65AUdCvAeQCg2ePZsox+zSu87lep 8aWd8qGOXdiIpQUqMajGt9T3obwH5Z1qf2lRHbvlnIEU/t+GiefOOd8L+SpPa/w8wNqmzt 1hFHsBiiSA9Ua6LMH8SIgMAnL5sXkf2qymL/V62uEicB6ENs+hxwa7TrNUc5dg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1670270959; a=rsa-sha256; cv=none; b=bWzsqqDI3MWk8HGCIpiO85m8cxi3IyjHWJBq/24mk2Rb4jeMdh6fG3pNwnJz06oOO9mzgU sMWAQzzMWcU1Tv/nFF4HNZ0tTHU6KBnJkQe2AbTelHet3N7EjXpqS1SVHAJjL8wceRKXis npkj0R7S6MD6qLFuGKFrRlfbGq2wo9CvgU/eHftblJOwtFEaz+fRHWjlkNaQgyjyWsFRMU GuJ369/1bP8mTolNtoPPpN2VpJA11s63TaLmndbYOh9p7X4/X2vm8T2seTIpD3o8vwxM2W q0LI2tn1jVryGF/O38uqbM3Qq1QQICpj/HftCHi3ArrlxrBeoZerQQyJySweLQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NQvlM2xG1z19Mc; Mon, 5 Dec 2022 20:09:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2B5K9JT2042505; Mon, 5 Dec 2022 20:09:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2B5K9J4E042504; Mon, 5 Dec 2022 20:09:19 GMT (envelope-from git) Date: Mon, 5 Dec 2022 20:09:19 GMT Message-Id: <202212052009.2B5K9J4E042504@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Cy Schubert Subject: git: fecfd3cc71ae - 2022Q4 - security/heimdal*: Fix NULL dereference when mangled realm message List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-branches@freebsd.org X-BeenThere: dev-commits-ports-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/2022Q4 X-Git-Reftype: branch X-Git-Commit: fecfd3cc71aefc4b93d9fd085d40ce107c6756a9 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch 2022Q4 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=fecfd3cc71aefc4b93d9fd085d40ce107c6756a9 commit fecfd3cc71aefc4b93d9fd085d40ce107c6756a9 Author: Cy Schubert AuthorDate: 2022-11-24 16:37:45 +0000 Commit: Cy Schubert CommitDate: 2022-12-05 20:06:14 +0000 security/heimdal*: Fix NULL dereference when mangled realm message Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message. PR: 267912 Reported by: Robert Morris (cherry picked from commit 678bdaf21b9a05d99e0aceecd414782926e57ae4) --- security/heimdal-devel/Makefile | 2 +- security/heimdal-devel/files/patch-lib_kadm5_marshall.c | 16 ++++++++++++++++ security/heimdal/Makefile | 2 +- security/heimdal/files/patch-kadmin_server.c | 13 +++++++++++++ security/heimdal/files/patch-lib_kadm5_marshall.c | 16 ++++++++++++++++ 5 files changed, 47 insertions(+), 2 deletions(-) diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile index 890391647bc5..8112494057d3 100644 --- a/security/heimdal-devel/Makefile +++ b/security/heimdal-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= ${HEIMDAL_COMMIT_DATE} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security PKGNAMESUFFIX= -devel HASH= 8f9c2d115 diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c new file mode 100644 index 000000000000..8cc79bafcc8c --- /dev/null +++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c @@ -0,0 +1,16 @@ +--- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800 ++++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800 +@@ -465,8 +465,12 @@ + goto out; + params->mask = mask; + +- if(params->mask & KADM5_CONFIG_REALM) ++ if (params->mask & KADM5_CONFIG_REALM) { + ret = krb5_ret_string(sp, ¶ms->realm); ++ if (params->realm == NULL) { ++ ret = EINVAL; ++ } ++ } + out: + krb5_storage_free(sp); + diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 3d92a0c2fd3b..93995fde6703 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ diff --git a/security/heimdal/files/patch-kadmin_server.c b/security/heimdal/files/patch-kadmin_server.c new file mode 100644 index 000000000000..d4a2439f3bdb --- /dev/null +++ b/security/heimdal/files/patch-kadmin_server.c @@ -0,0 +1,13 @@ +--- kadmin/server.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ kadmin/server.c 2022-11-24 08:26:55.919761000 -0800 +@@ -787,7 +787,9 @@ + ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms); + if(ret) + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); +- _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); ++ ret = _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); ++ if(ret) ++ krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params"); + } + + initial = ticket->ticket.flags.initial; diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c new file mode 100644 index 000000000000..d02a364d7011 --- /dev/null +++ b/security/heimdal/files/patch-lib_kadm5_marshall.c @@ -0,0 +1,16 @@ +--- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ lib/kadm5/marshall.c 2022-11-24 08:26:55.920305000 -0800 +@@ -409,8 +409,12 @@ + goto out; + params->mask = mask; + +- if(params->mask & KADM5_CONFIG_REALM) ++ if (params->mask & KADM5_CONFIG_REALM) { + ret = krb5_ret_string(sp, ¶ms->realm); ++ if (params->realm == NULL) { ++ ret = EINVAL; ++ } ++ } + out: + krb5_storage_free(sp); +