Date: Mon, 5 Dec 2022 20:09:20 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 6fecfd883179 - 2022Q4 - security/heimdal*: Handle other types of garbage data Message-ID: <202212052009.2B5K9KsP042529@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2022Q4 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=6fecfd8831794f809b1c1c87a9621104ee3f6599 commit 6fecfd8831794f809b1c1c87a9621104ee3f6599 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-11-24 16:52:45 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-12-05 20:06:15 +0000 security/heimdal*: Handle other types of garbage data In addition to garbage realm data, also handle garbage dbname, acl_file, stash_file, and invalid bitmask garbage data. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> (cherry picked from commit 8cafd5bc0d866a425eb883e00cef02df1ef31db4) --- security/heimdal-devel/Makefile | 2 +- .../heimdal-devel/files/patch-lib_kadm5_marshall.c | 32 ++++++++++++++++++++-- security/heimdal/Makefile | 2 +- security/heimdal/files/patch-lib_kadm5_marshall.c | 32 ++++++++++++++++++++-- 4 files changed, 62 insertions(+), 6 deletions(-) diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile index 8112494057d3..9910558554e5 100644 --- a/security/heimdal-devel/Makefile +++ b/security/heimdal-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= ${HEIMDAL_COMMIT_DATE} -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security PKGNAMESUFFIX= -devel HASH= 8f9c2d115 diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c index 8cc79bafcc8c..8bc63095693f 100644 --- a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c +++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c @@ -1,7 +1,14 @@ --- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800 -+++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800 -@@ -465,8 +465,12 @@ ++++ lib/kadm5/marshall.c 2022-11-24 08:47:49.092069000 -0800 +@@ -463,10 +463,40 @@ + ret = krb5_ret_int32(sp, &mask); + if (ret) goto out; ++ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME ++ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { ++ ret = EINVAL; ++ goto out; ++ } params->mask = mask; - if(params->mask & KADM5_CONFIG_REALM) @@ -9,6 +16,27 @@ ret = krb5_ret_string(sp, ¶ms->realm); + if (params->realm == NULL) { + ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_DBNAME) { ++ ret = krb5_ret_string(sp, ¶ms->dbname); ++ if (params->dbname == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_ACL_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->acl_file); ++ if (params->acl_file == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_STASH_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->stash_file); ++ if (params->stash_file == NULL) { ++ ret = EINVAL; + } + } out: diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 93995fde6703..dc32a73987be 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c index d02a364d7011..d44311d5edbf 100644 --- a/security/heimdal/files/patch-lib_kadm5_marshall.c +++ b/security/heimdal/files/patch-lib_kadm5_marshall.c @@ -1,7 +1,14 @@ --- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700 -+++ lib/kadm5/marshall.c 2022-11-24 08:26:55.920305000 -0800 -@@ -409,8 +409,12 @@ ++++ lib/kadm5/marshall.c 2022-11-24 08:47:40.099673000 -0800 +@@ -407,10 +407,40 @@ + ret = krb5_ret_int32(sp, &mask); + if (ret) goto out; ++ if (mask & KADM5_CONFIG_REALM & KADM5_CONFIG_DBNAME ++ & KADM5_CONFIG_ACL_FILE & KADM5_CONFIG_STASH_FILE) { ++ ret = EINVAL; ++ goto out; ++ } params->mask = mask; - if(params->mask & KADM5_CONFIG_REALM) @@ -9,6 +16,27 @@ ret = krb5_ret_string(sp, ¶ms->realm); + if (params->realm == NULL) { + ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_DBNAME) { ++ ret = krb5_ret_string(sp, ¶ms->dbname); ++ if (params->dbname == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_ACL_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->acl_file); ++ if (params->acl_file == NULL) { ++ ret = EINVAL; ++ goto out; ++ } ++ } ++ if (params->mask & KADM5_CONFIG_STASH_FILE) { ++ ret = krb5_ret_string(sp, ¶ms->stash_file); ++ if (params->stash_file == NULL) { ++ ret = EINVAL; + } + } out:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202212052009.2B5K9KsP042529>