Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 5 Dec 2022 20:09:20 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject:   git: 6fecfd883179 - 2022Q4 - security/heimdal*: Handle other types of garbage data
Message-ID:  <202212052009.2B5K9KsP042529@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch 2022Q4 has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6fecfd8831794f809b1c1c87a9621104ee3f6599

commit 6fecfd8831794f809b1c1c87a9621104ee3f6599
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-11-24 16:52:45 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-05 20:06:15 +0000

    security/heimdal*: Handle other types of garbage data
    
    In addition to garbage realm data, also handle garbage dbname, acl_file,
    stash_file, and invalid bitmask garbage data.
    
    PR:             267912
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    
    (cherry picked from commit 8cafd5bc0d866a425eb883e00cef02df1ef31db4)
---
 security/heimdal-devel/Makefile                    |  2 +-
 .../heimdal-devel/files/patch-lib_kadm5_marshall.c | 32 ++++++++++++++++++++--
 security/heimdal/Makefile                          |  2 +-
 security/heimdal/files/patch-lib_kadm5_marshall.c  | 32 ++++++++++++++++++++--
 4 files changed, 62 insertions(+), 6 deletions(-)

diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile
index 8112494057d3..9910558554e5 100644
--- a/security/heimdal-devel/Makefile
+++ b/security/heimdal-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	heimdal
 PORTVERSION=	${HEIMDAL_COMMIT_DATE}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 PKGNAMESUFFIX=	-devel
 HASH=		8f9c2d115
diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
index 8cc79bafcc8c..8bc63095693f 100644
--- a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
+++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
@@ -1,7 +1,14 @@
 --- lib/kadm5/marshall.c.orig	2022-11-17 16:55:32.000000000 -0800
-+++ lib/kadm5/marshall.c	2022-11-24 08:17:04.255672000 -0800
-@@ -465,8 +465,12 @@
++++ lib/kadm5/marshall.c	2022-11-24 08:47:49.092069000 -0800
+@@ -463,10 +463,40 @@
+     ret = krb5_ret_int32(sp, &mask);
+     if (ret)
  	goto out;
++    if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME
++	& KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) {
++	    ret = EINVAL;
++	    goto out;
++    }
      params->mask = mask;
  
 -    if(params->mask & KADM5_CONFIG_REALM)
@@ -9,6 +16,27 @@
  	ret = krb5_ret_string(sp, &params->realm);
 +	if (params->realm == NULL) {
 +	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_DBNAME) {
++	ret = krb5_ret_string(sp, &params->dbname);
++	if (params->dbname == NULL) {
++	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_ACL_FILE) {
++	ret = krb5_ret_string(sp, &params->acl_file);
++	if (params->acl_file == NULL) {
++	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_STASH_FILE) {
++	ret = krb5_ret_string(sp, &params->stash_file);
++	if (params->stash_file == NULL) {
++	    ret = EINVAL;
 +	}
 +    }
   out:
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 93995fde6703..dc32a73987be 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	heimdal
 PORTVERSION=	7.8.0
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/
 
diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c
index d02a364d7011..d44311d5edbf 100644
--- a/security/heimdal/files/patch-lib_kadm5_marshall.c
+++ b/security/heimdal/files/patch-lib_kadm5_marshall.c
@@ -1,7 +1,14 @@
 --- lib/kadm5/marshall.c.orig	2022-09-15 16:54:19.000000000 -0700
-+++ lib/kadm5/marshall.c	2022-11-24 08:26:55.920305000 -0800
-@@ -409,8 +409,12 @@
++++ lib/kadm5/marshall.c	2022-11-24 08:47:40.099673000 -0800
+@@ -407,10 +407,40 @@
+     ret = krb5_ret_int32(sp, &mask);
+     if (ret)
  	goto out;
++    if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME
++	& KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) {
++	    ret = EINVAL;
++	    goto out;
++    }
      params->mask = mask;
  
 -    if(params->mask & KADM5_CONFIG_REALM)
@@ -9,6 +16,27 @@
  	ret = krb5_ret_string(sp, &params->realm);
 +	if (params->realm == NULL) {
 +	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_DBNAME) {
++	ret = krb5_ret_string(sp, &params->dbname);
++	if (params->dbname == NULL) {
++	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_ACL_FILE) {
++	ret = krb5_ret_string(sp, &params->acl_file);
++	if (params->acl_file == NULL) {
++	    ret = EINVAL;
++	    goto out;
++	}
++    }
++    if (params->mask & KADM5_CONFIG_STASH_FILE) {
++	ret = krb5_ret_string(sp, &params->stash_file);
++	if (params->stash_file == NULL) {
++	    ret = EINVAL;
 +	}
 +    }
   out:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202212052009.2B5K9KsP042529>