Date: Thu, 28 May 2015 17:49:12 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r387748 - in branches/2015Q2/security/krb5-112: . files Message-ID: <201505281749.t4SHnCVq057553@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu May 28 17:49:12 2015 New Revision: 387748 URL: https://svnweb.freebsd.org/changeset/ports/387748 Log: MFH: r387747 Apply vendor patch for CVE-2015-2694 (changeset b0c571e709c72da799ccc15fb5755f7910170e33) to prevent requires_preauth bypass. Obtained from: https://github.com/krb5/krb5/commit/b0c571e709c72da799ccc15fb5755f7910170e33.diff Security: CVE-2015-2694 Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49 Approved by: ports-secteam Added: branches/2015Q2/security/krb5-112/files/patch-CVE-2015-2694 - copied unchanged from r387747, head/security/krb5-112/files/patch-CVE-2015-2694 Modified: branches/2015Q2/security/krb5-112/Makefile Directory Properties: branches/2015Q2/ (props changed) Modified: branches/2015Q2/security/krb5-112/Makefile ============================================================================== --- branches/2015Q2/security/krb5-112/Makefile Thu May 28 17:48:17 2015 (r387747) +++ branches/2015Q2/security/krb5-112/Makefile Thu May 28 17:49:12 2015 (r387748) @@ -3,7 +3,7 @@ PORTNAME= krb5 PORTVERSION= 1.12.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -112 Copied: branches/2015Q2/security/krb5-112/files/patch-CVE-2015-2694 (from r387747, head/security/krb5-112/files/patch-CVE-2015-2694) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q2/security/krb5-112/files/patch-CVE-2015-2694 Thu May 28 17:49:12 2015 (r387748, copy of r387747, head/security/krb5-112/files/patch-CVE-2015-2694) @@ -0,0 +1,65 @@ +--- plugins/preauth/otp/main.c.orig 2015-02-18 22:31:13 UTC ++++ plugins/preauth/otp/main.c +@@ -42,6 +42,7 @@ static krb5_preauthtype otp_pa_type_list + struct request_state { + krb5_kdcpreauth_verify_respond_fn respond; + void *arg; ++ krb5_enc_tkt_part *enc_tkt_reply; + }; + + static krb5_error_code +@@ -159,6 +160,9 @@ on_response(void *data, krb5_error_code + if (retval == 0 && response != otp_response_success) + retval = KRB5_PREAUTH_FAILED; + ++ if (retval == 0) ++ rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; ++ + rs.respond(rs.arg, retval, NULL, NULL, NULL); + } + +@@ -263,8 +267,6 @@ otp_verify(krb5_context context, krb5_da + krb5_data d, plaintext; + char *config; + +- enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; +- + /* Get the FAST armor key. */ + armor_key = cb->fast_armor(context, rock); + if (armor_key == NULL) { +@@ -298,12 +300,14 @@ otp_verify(krb5_context context, krb5_da + goto error; + } + +- /* Create the request state. */ ++ /* Create the request state. Save the response callback, and the ++ * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */ + rs = k5alloc(sizeof(struct request_state), &retval); + if (rs == NULL) + goto error; + rs->arg = arg; + rs->respond = respond; ++ rs->enc_tkt_reply = enc_tkt_reply; + + /* Get the principal's OTP configuration string. */ + retval = cb->get_string(context, rock, "otp", &config); +--- plugins/preauth/pkinit/pkinit_srv.c.orig 2015-02-18 22:31:13 UTC ++++ plugins/preauth/pkinit/pkinit_srv.c +@@ -306,7 +306,7 @@ pkinit_server_verify_padata(krb5_context + + pkiDebug("pkinit_verify_padata: entered!\n"); + if (data == NULL || data->length <= 0 || data->contents == NULL) { +- (*respond)(arg, 0, NULL, NULL, NULL); ++ (*respond)(arg, EINVAL, NULL, NULL, NULL); + return; + } + +@@ -318,7 +318,7 @@ pkinit_server_verify_padata(krb5_context + + plgctx = pkinit_find_realm_context(context, moddata, request->server); + if (plgctx == NULL) { +- (*respond)(arg, 0, NULL, NULL, NULL); ++ (*respond)(arg, EINVAL, NULL, NULL, NULL); + return; + } +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505281749.t4SHnCVq057553>