mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
krb5-CVE-2016-3119.patch
Backport <commit 08c642c09c38a9c6454ab43a9b53b2a89b9eef99> from krb5 upstream <https://github.com/krb5/krb5> to fix CVE-2016-3119 avoid remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
3f95cc9086
commit
41ccc871ae
@@ -0,0 +1,36 @@
|
|||||||
|
Subject: kerb: Fix LDAP null deref on empty arg [CVE-2016-3119]
|
||||||
|
From: Greg Hudson
|
||||||
|
|
||||||
|
In the LDAP KDB module's process_db_args(), strtok_r() may return NULL
|
||||||
|
if there is an empty string in the db_args array. Check for this case
|
||||||
|
and avoid dereferencing a null pointer.
|
||||||
|
|
||||||
|
CVE-2016-3119:
|
||||||
|
|
||||||
|
In MIT krb5 1.6 and later, an authenticated attacker with permission
|
||||||
|
to modify a principal entry can cause kadmind to dereference a null
|
||||||
|
pointer by supplying an empty DB argument to the modify_principal
|
||||||
|
command, if kadmind is configured to use the LDAP KDB module.
|
||||||
|
|
||||||
|
CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND
|
||||||
|
|
||||||
|
ticket: 8383 (new)
|
||||||
|
target_version: 1.14-next
|
||||||
|
target_version: 1.13-next
|
||||||
|
tags: pullup
|
||||||
|
|
||||||
|
Upstream-Status: Backport
|
||||||
|
|
||||||
|
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
|
||||||
|
Index: krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.13.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2015-05-09 07:27:02.000000000 +0800
|
||||||
|
+++ krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-04-11 15:17:12.874140518 +0800
|
||||||
|
@@ -267,6 +267,7 @@
|
||||||
|
if (db_args) {
|
||||||
|
for (i=0; db_args[i]; ++i) {
|
||||||
|
arg = strtok_r(db_args[i], "=", &arg_val);
|
||||||
|
+ arg = (arg != NULL) ? arg : "";
|
||||||
|
if (strcmp(arg, TKTPOLICY_ARG) == 0) {
|
||||||
|
dptr = &xargs->tktpolicydn;
|
||||||
|
} else {
|
||||||
@@ -32,6 +32,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar
|
|||||||
file://etc/init.d/krb5-admin-server \
|
file://etc/init.d/krb5-admin-server \
|
||||||
file://etc/default/krb5-kdc \
|
file://etc/default/krb5-kdc \
|
||||||
file://etc/default/krb5-admin-server \
|
file://etc/default/krb5-admin-server \
|
||||||
|
file://krb5-CVE-2016-3119.patch;striplevel=2 \
|
||||||
"
|
"
|
||||||
SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189"
|
SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189"
|
||||||
SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1"
|
SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1"
|
||||||
|
|||||||
Reference in New Issue
Block a user