Date: Mon, 5 Dec 2022 20:09:20 GMT
Message-Id: <202212052009.2B5K9KsP042529@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
From: Cy Schubert
Subject: git: 6fecfd883179 - 2022Q4 - security/heimdal*: Handle other types of garbage data
List-Id: Commits to the quarterly branches of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches

The branch 2022Q4 has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6fecfd8831794f809b1c1c87a9621104ee3f6599

commit 6fecfd8831794f809b1c1c87a9621104ee3f6599
Author:     Cy Schubert
AuthorDate: 2022-11-24 16:52:45 +0000
Commit:     Cy Schubert
CommitDate: 2022-12-05 20:06:15 +0000

    security/heimdal*: Handle other types of garbage data

    In addition to garbage realm data, also handle garbage dbname, acl_file,
    stash_file, and invalid bitmask garbage data.

    PR:             267912
    Reported by:    Robert Morris

    (cherry picked from commit 8cafd5bc0d866a425eb883e00cef02df1ef31db4)
--- security/heimdal-devel/Makefile | 2 +- .../heimdal-devel/files/patch-lib_kadm5_marshall.c | 32 ++++++++++++++++++++-- security/heimdal/Makefile | 2 +- security/heimdal/files/patch-lib_kadm5_marshall.c | 32 ++++++++++++++++++++-- 4 files changed, 62 insertions(+), 6 deletions(-) diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile index 8112494057d3..9910558554e5 100644 --- a/security/heimdal-devel/Makefile +++ b/security/heimdal-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= ${HEIMDAL_COMMIT_DATE} -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security PKGNAMESUFFIX= -devel HASH= 8f9c2d115 
diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c index 8cc79bafcc8c..8bc63095693f 100644 --- a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c +++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c @@ -1,7 +1,14 @@ --- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800 -+++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800 -@@ -465,8 +465,12 @@ ++++ lib/kadm5/marshall.c 2022-11-24 08:47:49.092069000 -0800 +@@ -463,10 +463,40 @@ + ret = krb5_ret_int32(sp, &mask); + if (ret) goto out; ++ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME ++ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { ++ ret = EINVAL; ++ goto out; ++ } params->mask = mask; - if(params->mask & KADM5_CONFIG_REALM) @@ -9,6 +16,27 @@ ret = krb5_ret_string(sp, ¶ms->realm); + if (params->realm == NULL) { + ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_DBNAME) { ++ ret = krb5_ret_string(sp, ¶ms->dbname); ++ if (params->dbname == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_ACL_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->acl_file); ++ if (params->acl_file == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_STASH_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->stash_file); ++ if (params->stash_file == NULL) { ++ ret = EINVAL; + } + } out: diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 93995fde6703..dc32a73987be 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c index d02a364d7011..d44311d5edbf 100644 --- a/security/heimdal/files/patch-lib_kadm5_marshall.c 
+++ b/security/heimdal/files/patch-lib_kadm5_marshall.c @@ -1,7 +1,14 @@ --- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700 -+++ lib/kadm5/marshall.c 2022-11-24 08:26:55.920305000 -0800 -@@ -409,8 +409,12 @@ ++++ lib/kadm5/marshall.c 2022-11-24 08:47:40.099673000 -0800 +@@ -407,10 +407,40 @@ + ret = krb5_ret_int32(sp, &mask); + if (ret) goto out; ++ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME ++ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { ++ ret = EINVAL; ++ goto out; ++ } params->mask = mask; - if(params->mask & KADM5_CONFIG_REALM) @@ -9,6 +16,27 @@ ret = krb5_ret_string(sp, ¶ms->realm); + if (params->realm == NULL) { + ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_DBNAME) { ++ ret = krb5_ret_string(sp, ¶ms->dbname); ++ if (params->dbname == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_ACL_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->acl_file); ++ if (params->acl_file == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_STASH_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->stash_file); ++ if (params->stash_file == NULL) { ++ ret = EINVAL; + } + } out:
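Review bot: The mask check added in the `@@ -1,7 +1,14 @@` hunk of both patch-lib_kadm5_marshall.c files ANDs the four flag constants with each other (`mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE`). If these are distinct flag bits, as the separate `params->mask & KADM5_CONFIG_DBNAME` style tests further down suggest, the expression is always zero and the `ret = EINVAL; goto out;` branch can never run, so no mask value is rejected. If the intent is the "invalid bitmask" handling named in the commit message, the test should look for bits outside the handled set, for example `mask & ~(KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_STASH_FILE)`, and a short comment stating which bits are accepted would help the next reader.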
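Review bot: The return value of `krb5_ret_string` is stored in `ret` but never tested in the realm, dbname, acl_file and stash_file blocks of the `@@ -9,6 +16,27 @@` hunk (same in both ports); only the output pointer is compared with NULL. A read that fails while the pointer is non-NULL continues to the next field, and its error code is overwritten by the next `krb5_ret_string` call. Suggest adding `if (ret) goto out;` directly after each call, ahead of the NULL test, and confirming that the four pointers are NULL on entry, since the NULL test depends on that and these lines do not show it. The stash_file block is also the only one without `goto out;` after `ret = EINVAL;`; it reaches `out:` anyway, but matching the other three blocks keeps it correct if another field is appended later.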