diff options
| author |   Eray Aslan <eras@gentoo.org> | 2010-11-05 21:34:12 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2010-11-05 21:34:12 +0000 |
| commit | 68c37162f91ab94883ea5706f22272a12dc7ae03 (patch) | |
| tree | 51906dd84c6fa0f7fc45e3d8a25c35bb4448b1b9 /app-crypt/mit-krb5 | |
| parent | Fixed luasocket dependency. (diff) | |
| download | gentoo-2-68c37162f91ab94883ea5706f22272a12dc7ae03.tar.gz gentoo-2-68c37162f91ab94883ea5706f22272a12dc7ae03.tar.bz2 gentoo-2-68c37162f91ab94883ea5706f22272a12dc7ae03.zip | |
Remove old patches - bug #340195
(Portage version: 2.1.9.24/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt/mit-krb5')
| -rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 10 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch | 268 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch | 331 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/1.7-CVE-2009-4212.patch | 377 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch | 48 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2009-0846.patch | 40 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1320.patch | 20 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1321.patch | 18 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch | 71 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch | 19 |
10 files changed, 9 insertions, 1193 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 2232cba69d67..ad15be46ed6a 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.232 2010/11/05 21:13:42 eras Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.233 2010/11/05 21:34:12 eras Exp $ + + 05 Nov 2010; Eray Aslan <eras@gentoo.org> + -files/1.6-MITKRB5-SA-2008-001.patch, -files/MITKRB5-SA-2008-002.patch, + -files/CVE-2009-0844+CVE-2009-0847.patch, + -files/mit-krb5-lazyldflags.patch, -files/CVE-2009-0846.patch, + -files/1.6-CVE-2009-4212.patch, -files/1.7-CVE-2009-4212.patch, + -files/CVE-2010-1320.patch, -files/CVE-2010-1321.patch: + Remove old patches - bug #340195 *mit-krb5-1.8.3-r1 (05 Nov 2010) diff --git a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch b/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch deleted file mode 100644 index 7ed2e9967e2d..000000000000 --- a/app-crypt/mit-krb5/files/1.6-CVE-2009-4212.patch +++ /dev/null @@ -1,268 +0,0 @@ -Index: src/lib/crypto/Makefile.in -=================================================================== ---- src/lib/crypto/Makefile.in (revision 23398) -+++ src/lib/crypto/Makefile.in (working copy) -@@ -22,6 +22,7 @@ - $(srcdir)/t_hmac.c \ - $(srcdir)/t_pkcs5.c \ - $(srcdir)/t_cts.c \ -+ $(srcdir)/t_short.c \ - $(srcdir)/vectors.c - - ##DOSBUILDTOP = ..\.. -@@ -184,12 +185,13 @@ - - clean-unix:: clean-liblinks clean-libs clean-libobjs - --check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 -+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_short - $(RUN_SETUP) $(VALGRIND) ./t_nfold - $(RUN_SETUP) $(VALGRIND) ./t_encrypt - $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ - diff t_prng.output $(srcdir)/t_prng.expected - $(RUN_SETUP) $(VALGRIND) ./t_hmac -+ $(RUN_SETUP) $(VALGRIND) ./t_short - - # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5 - -@@ -218,10 +220,14 @@ - $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ - $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - -+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) -+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \ -+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - - clean:: - $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ -- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o -+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \ -+ t_short t_short.o - -$(RM) t_prng.output - - all-windows:: -@@ -761,6 +767,15 @@ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/hash_provider/hash_provider.h t_cts.c -+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ -+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ -+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ -+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ -+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ -+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ -+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ -+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ -+ t_short.c - vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ -Index: src/lib/crypto/arcfour/arcfour.c -=================================================================== ---- src/lib/crypto/arcfour/arcfour.c (revision 23398) -+++ src/lib/crypto/arcfour/arcfour.c (working copy) -@@ -203,6 +203,12 @@ - keylength = enc->keylength; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < hashsize + CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) -Index: src/lib/crypto/enc_provider/aes.c -=================================================================== ---- src/lib/crypto/enc_provider/aes.c (revision 23398) -+++ src/lib/crypto/enc_provider/aes.c (working copy) -@@ -94,9 +94,11 @@ - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { -- /* XXX Used for DK function. */ -+ /* Used when deriving keys. */ -+ if (input->length < BLOCK_SIZE) -+ return KRB5_BAD_MSIZE; - enc(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - unsigned int nleft; - - for (blockno = 0; blockno < nblocks - 2; blockno++) { -@@ -149,9 +151,9 @@ - - if (nblocks == 1) { - if (input->length < BLOCK_SIZE) -- abort(); -+ return KRB5_BAD_MSIZE; - dec(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); -Index: src/lib/crypto/dk/dk_decrypt.c -=================================================================== ---- src/lib/crypto/dk/dk_decrypt.c (revision 23398) -+++ src/lib/crypto/dk/dk_decrypt.c (working copy) -@@ -89,6 +89,12 @@ - else if (hmacsize > hashsize) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hmacsize) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - blocksize - hmacsize) -+ return KRB5_BAD_MSIZE; -+ - enclen = input->length - hmacsize; - - if ((kedata = (unsigned char *) malloc(keylength)) == NULL) -Index: src/lib/crypto/raw/raw_decrypt.c -=================================================================== ---- src/lib/crypto/raw/raw_decrypt.c (revision 23398) -+++ src/lib/crypto/raw/raw_decrypt.c (working copy) -@@ -34,5 +34,7 @@ - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) - { -+ if (output->length < input->length) -+ return KRB5_BAD_MSIZE; - return((*(enc->decrypt))(key, ivec, input, output)); - } -Index: src/lib/crypto/t_short.c -=================================================================== ---- src/lib/crypto/t_short.c (revision 0) -+++ src/lib/crypto/t_short.c (revision 0) -@@ -0,0 +1,112 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -+/* -+ * lib/crypto/crypto_tests/t_short.c -+ * -+ * Copyright (C) 2009 by the Massachusetts Institute of Technology. -+ * All rights reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. Furthermore if you modify this software you must label -+ * your software as modified software and not distribute it in such a -+ * fashion that it might be confused with the original M.I.T. software. -+ * M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * Tests the outcome of decrypting overly short tokens. This program can be -+ * run under a tool like valgrind to detect bad memory accesses; when run -+ * normally by the test suite, it verifies that each operation returns -+ * KRB5_BAD_MSIZE. -+ */ -+ -+#include "k5-int.h" -+ -+krb5_enctype interesting_enctypes[] = { -+ ENCTYPE_DES_CBC_CRC, -+ ENCTYPE_DES_CBC_MD4, -+ ENCTYPE_DES_CBC_MD5, -+ ENCTYPE_DES3_CBC_SHA1, -+ ENCTYPE_ARCFOUR_HMAC, -+ ENCTYPE_ARCFOUR_HMAC_EXP, -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+ 0 -+}; -+ -+/* Abort if an operation unexpectedly fails. */ -+static void -+x(krb5_error_code code) -+{ -+ if (code != 0) -+ abort(); -+} -+ -+/* Abort if a decrypt operation doesn't have the expected result. */ -+static void -+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) -+{ -+ if (len < min_len) { -+ /* Undersized tokens should always result in BAD_MSIZE. */ -+ if (code != KRB5_BAD_MSIZE) -+ abort(); -+ } else { -+ /* Min-size tokens should succeed or fail the integrity check. */ -+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY) -+ abort(); -+ } -+} -+ -+static void -+test_enctype(krb5_enctype enctype) -+{ -+ krb5_error_code ret; -+ krb5_keyblock keyblock; -+ krb5_enc_data input; -+ krb5_data output; -+ size_t min_len, len; -+ -+ printf("Testing enctype %d\n", (int) enctype); -+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); -+ x(krb5_c_make_random_key(NULL, enctype, &keyblock)); -+ input.enctype = enctype; -+ -+ /* Try each length up to the minimum length. */ -+ for (len = 0; len <= min_len; len++) { -+ input.ciphertext.data = calloc(len, 1); -+ input.ciphertext.length = len; -+ output.data = calloc(len, 1); -+ output.length = len; -+ -+ /* Attempt a normal decryption. */ -+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output); -+ check_decrypt_result(ret, len, min_len); -+ -+ free(input.ciphertext.data); -+ free(output.data); -+ } -+} -+ -+int -+main(int argc, char **argv) -+{ -+ int i; -+ krb5_data notrandom; -+ -+ notrandom.data = "notrandom"; -+ notrandom.length = 9; -+ krb5_c_random_seed(NULL, ¬random); -+ for (i = 0; interesting_enctypes[i]; i++) -+ test_enctype(interesting_enctypes[i]); -+ return 0; -+} -Index: src/lib/crypto/old/old_decrypt.c -=================================================================== ---- src/lib/crypto/old/old_decrypt.c (revision 23398) -+++ src/lib/crypto/old/old_decrypt.c (working copy) -@@ -45,8 +45,10 @@ - blocksize = enc->block_size; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hashsize || input->length % blocksize != 0) -+ return(KRB5_BAD_MSIZE); - plainsize = input->length - blocksize - hashsize; -- - if (arg_output->length < plainsize) - return(KRB5_BAD_MSIZE); - diff --git a/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch b/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch deleted file mode 100644 index cd352884b1c9..000000000000 --- a/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch +++ /dev/null @@ -1,331 +0,0 @@ ---- src/kdc/dispatch.c (revision 20192) -+++ src/kdc/dispatch.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/dispatch.c - * -- * Copyright 1990 by the Massachusetts Institute of Technology. -+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. -@@ -107,7 +107,7 @@ - retval = KRB5KRB_AP_ERR_MSG_TYPE; - #ifndef NOCACHE - /* put the response into the lookaside buffer */ -- if (!retval) -+ if (!retval && *response != NULL) - kdc_insert_lookaside(pkt, *response); - #endif - ---- src/kdc/kerberos_v4.c (revision 20192) -+++ src/kdc/kerberos_v4.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/kerberos_v4.c - * -- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute -+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * -@@ -87,11 +87,6 @@ - #define MSB_FIRST 0 /* 68000, IBM RT/PC */ - #define LSB_FIRST 1 /* Vax, PC8086 */ - --int f; -- --/* XXX several files in libkdb know about this */ --char *progname; -- - #ifndef BACKWARD_COMPAT - static Key_schedule master_key_schedule; - static C_Block master_key; -@@ -143,10 +138,8 @@ - #include "com_err.h" - #include "extern.h" /* to pick up master_princ */ - --static krb5_data *response; -- --void kerberos_v4 (struct sockaddr_in *, KTEXT); --void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); -+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); -+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); - static int set_tgtkey (char *, krb5_kvno, krb5_boolean); - - /* Attributes converted from V5 to V4 - internal representation */ -@@ -262,12 +255,12 @@ - (void) klog(L_KRB_PERR, "V4 request too long."); - return KRB5KRB_ERR_FIELD_TOOLONG; - } -+ memset( &v4_pkt, 0, sizeof(v4_pkt)); - v4_pkt.length = pkt->length; - v4_pkt.mbz = 0; - memcpy( v4_pkt.dat, pkt->data, pkt->length); - -- kerberos_v4( &client_sockaddr, &v4_pkt); -- *resp = response; -+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt); - return(retval); - } - -@@ -300,19 +293,20 @@ - } - - static --int krb4_sendto(int s, const char *msg, int len, int flags, -- const struct sockaddr *to, int to_len) -+krb5_data *make_response(const char *msg, int len) - { -+ krb5_data *response; -+ - if ( !(response = (krb5_data *) malloc( sizeof *response))) { -- return ENOMEM; -+ return 0; - } - if ( !(response->data = (char *) malloc( len))) { - krb5_free_data(kdc_context, response); -- return ENOMEM; -+ return 0; - } - response->length = len; - memcpy( response->data, msg, len); -- return( 0); -+ return response; - } - static void - hang(void) -@@ -586,7 +580,7 @@ - *cp = 0; - } - --void -+static krb5_data * - kerberos_v4(struct sockaddr_in *client, KTEXT pkt) - { - static KTEXT_ST rpkt_st; -@@ -599,8 +593,8 @@ - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; -+ krb5_data *response = 0; - -- - static struct in_addr client_host; - static int msg_byte_order; - static int swap_bytes; -@@ -637,8 +631,7 @@ - inet_ntoa(client_host)); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - - /* check packet version */ -@@ -648,8 +641,7 @@ - KRB_PROT_VERSION, req_version, 0); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - msg_byte_order = req_msg_type & 1; - -@@ -707,10 +699,10 @@ - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data, &k5key, 0, &ck5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_low = a_name_data.key_high = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* don't use k5key for client */ - krb5_free_keyblock_contents(kdc_context, &k5key); -@@ -722,11 +714,11 @@ - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data, &k5key, 1, &sk5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_high = a_name_data.key_low = 0; - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); -@@ -797,8 +789,7 @@ - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&a_name_data, 0, sizeof(a_name_data)); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; -@@ -824,9 +815,8 @@ - lt = klog(L_KRB_PERR, - "APPL request with realm length too long from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "realm length too long"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "realm length too long"); - } - - auth->length += (int) *(pkt->dat + auth->length) + -@@ -835,9 +825,8 @@ - lt = klog(L_KRB_PERR, - "APPL request with funky tkt or req_id length from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "funky tkt or req_id length"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "funky tkt or req_id length"); - } - - memcpy(auth->dat, pkt->dat, auth->length); -@@ -848,18 +837,16 @@ - if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { - lt = klog(L_ERR_UNK, - "Cross realm ticket from %s denied by policy,", tktrlm); -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - if (set_tgtkey(tktrlm, kvno, 0)) { -- lt = klog(L_ERR_UNK, -+ lt = klog(L_ERR_UNK, - "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -869,9 +856,8 @@ - "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -881,8 +867,7 @@ - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_get_err_text(kerno)); - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); -- return; -+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - } - ptr = (char *) pkt->dat + auth->length; - -@@ -904,22 +889,21 @@ - req_realm_ptr = ad->prealm; - - if (strcmp(ad->prealm, tktrlm)) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't hop realms"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't hop realms"); - } - if (!strcmp(service, "changepw")) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't authorize password changed based on TGT"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't authorize password changed based on TGT"); - } - kerno = check_princ(service, instance, req_life, - &s_name_data, &k5key, 1, &sk5life); - if (kerno) { -- kerb_err_reply(client, pkt, kerno, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, kerno, -+ "check_princ failed"); - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life); -@@ -975,8 +959,7 @@ - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; - } -@@ -1001,6 +984,7 @@ - break; - } - } -+ return response; - } - - -@@ -1010,7 +994,7 @@ - * client. - */ - --void -+static krb5_data * - kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) - { - static KTEXT_ST e_pkt_st; -@@ -1021,9 +1005,7 @@ - strncat(e_msg, string, sizeof(e_msg) - 1 - 19); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); -- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -- -+ return make_response((char *) e_pkt->dat, e_pkt->length); - } - - static int ---- src/kdc/network.c (revision 20192) -+++ src/kdc/network.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/network.c - * -- * Copyright 1990,2000 by the Massachusetts Institute of Technology. -+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. -@@ -747,6 +747,8 @@ - com_err(prog, retval, "while dispatching (udp)"); - return; - } -+ if (response == NULL) -+ return; - cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, - (struct sockaddr *)&saddr, saddr_len); - if (cc == -1) { diff --git a/app-crypt/mit-krb5/files/1.7-CVE-2009-4212.patch b/app-crypt/mit-krb5/files/1.7-CVE-2009-4212.patch deleted file mode 100644 index df2edcade240..000000000000 --- a/app-crypt/mit-krb5/files/1.7-CVE-2009-4212.patch +++ /dev/null @@ -1,377 +0,0 @@ -Index: src/lib/crypto/Makefile.in -=================================================================== ---- src/lib/crypto/Makefile.in (revision 23398) -+++ src/lib/crypto/Makefile.in (working copy) -@@ -18,6 +18,7 @@ - $(srcdir)/t_nfold.c \ - $(srcdir)/t_cf2.c \ - $(srcdir)/t_encrypt.c \ -+ $(srcdir)/t_short.c \ - $(srcdir)/t_prf.c \ - $(srcdir)/t_prng.c \ - $(srcdir)/t_hmac.c \ -@@ -206,7 +207,7 @@ - - clean-unix:: clean-liblinks clean-libs clean-libobjs - --check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 -+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 t_short - $(RUN_SETUP) $(VALGRIND) ./t_nfold - $(RUN_SETUP) $(VALGRIND) ./t_encrypt - $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ -@@ -216,6 +217,7 @@ - diff t_prf.output $(srcdir)/t_prf.expected - $(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output - diff t_cf2.output $(srcdir)/t_cf2.expected -+ $(RUN_SETUP) $(VALGRIND) ./t_short - - - # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5 -@@ -249,10 +251,15 @@ - $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ - $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - -+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) -+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \ -+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - -+ - clean:: - $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ -- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o t_cf2 t_cf2.o -+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \ -+ t_cf2 t_cf2.o t_short t_short.o - -$(RM) t_prng.output - - all-windows:: -Index: src/lib/crypto/arcfour/arcfour.c -=================================================================== ---- src/lib/crypto/arcfour/arcfour.c (revision 23398) -+++ src/lib/crypto/arcfour/arcfour.c (working copy) -@@ -199,6 +199,12 @@ - keylength = enc->keylength; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < hashsize + CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) -Index: src/lib/crypto/enc_provider/aes.c -=================================================================== ---- src/lib/crypto/enc_provider/aes.c (revision 23398) -+++ src/lib/crypto/enc_provider/aes.c (working copy) -@@ -105,9 +105,11 @@ - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { -- /* XXX Used for DK function. */ -+ /* Used when deriving keys. */ -+ if (input->length < BLOCK_SIZE) -+ return KRB5_BAD_MSIZE; - enc(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - unsigned int nleft; - - for (blockno = 0; blockno < nblocks - 2; blockno++) { -@@ -160,9 +162,9 @@ - - if (nblocks == 1) { - if (input->length < BLOCK_SIZE) -- abort(); -+ return KRB5_BAD_MSIZE; - dec(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); -@@ -208,6 +210,7 @@ - char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE]; - int nblocks = 0, blockno; - size_t input_length, i; -+ struct iov_block_state input_pos, output_pos; - - if (aes_enc_key(key->contents, key->length, &ctx) != aes_good) - abort(); -@@ -224,18 +227,20 @@ - input_length += iov->data.length; - } - -+ IOV_BLOCK_STATE_INIT(&input_pos); -+ IOV_BLOCK_STATE_INIT(&output_pos); -+ - nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; -- -- assert(nblocks > 1); -- -- { -+ if (nblocks == 1) { -+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE, -+ data, num_data, &input_pos); -+ enc(tmp2, tmp, &ctx); -+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, -+ BLOCK_SIZE, &output_pos); -+ } else if (nblocks > 1) { - char blockN2[BLOCK_SIZE]; /* second last */ - char blockN1[BLOCK_SIZE]; /* last block */ -- struct iov_block_state input_pos, output_pos; - -- IOV_BLOCK_STATE_INIT(&input_pos); -- IOV_BLOCK_STATE_INIT(&output_pos); -- - for (blockno = 0; blockno < nblocks - 2; blockno++) { - char blockN[BLOCK_SIZE]; - -@@ -288,6 +293,7 @@ - char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; - int nblocks = 0, blockno, i; - size_t input_length; -+ struct iov_block_state input_pos, output_pos; - - CHECK_SIZES; - -@@ -306,18 +312,20 @@ - input_length += iov->data.length; - } - -+ IOV_BLOCK_STATE_INIT(&input_pos); -+ IOV_BLOCK_STATE_INIT(&output_pos); -+ - nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; -- -- assert(nblocks > 1); -- -- { -+ if (nblocks == 1) { -+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE, -+ data, num_data, &input_pos); -+ dec(tmp2, tmp, &ctx); -+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, -+ BLOCK_SIZE, &output_pos); -+ } else if (nblocks > 1) { - char blockN2[BLOCK_SIZE]; /* second last */ - char blockN1[BLOCK_SIZE]; /* last block */ -- struct iov_block_state input_pos, output_pos; - -- IOV_BLOCK_STATE_INIT(&input_pos); -- IOV_BLOCK_STATE_INIT(&output_pos); -- - for (blockno = 0; blockno < nblocks - 2; blockno++) { - char blockN[BLOCK_SIZE]; - -Index: src/lib/crypto/dk/dk_aead.c -=================================================================== ---- src/lib/crypto/dk/dk_aead.c (revision 23398) -+++ src/lib/crypto/dk/dk_aead.c (working copy) -@@ -248,7 +248,7 @@ - for (i = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - -- if (ENCRYPT_DATA_IOV(iov)) -+ if (ENCRYPT_IOV(iov)) - cipherlen += iov->data.length; - } - -Index: src/lib/crypto/dk/dk_decrypt.c -=================================================================== ---- src/lib/crypto/dk/dk_decrypt.c (revision 23398) -+++ src/lib/crypto/dk/dk_decrypt.c (working copy) -@@ -89,6 +89,12 @@ - else if (hmacsize > hashsize) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hmacsize) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - blocksize - hmacsize) -+ return KRB5_BAD_MSIZE; -+ - enclen = input->length - hmacsize; - - if ((kedata = (unsigned char *) malloc(keylength)) == NULL) -Index: src/lib/crypto/raw/raw_decrypt.c -=================================================================== ---- src/lib/crypto/raw/raw_decrypt.c (revision 23398) -+++ src/lib/crypto/raw/raw_decrypt.c (working copy) -@@ -34,5 +34,7 @@ - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) - { -+ if (output->length < input->length) -+ return KRB5_BAD_MSIZE; - return((*(enc->decrypt))(key, ivec, input, output)); - } -Index: src/lib/crypto/deps -=================================================================== ---- src/lib/crypto/deps (revision 23398) -+++ src/lib/crypto/deps (working copy) -@@ -463,6 +463,16 @@ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h etypes.h t_encrypt.c -+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ -+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ -+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ -+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ -+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ -+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ -+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ -+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ -+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ -+ t_short.c - t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ -Index: src/lib/crypto/t_short.c -=================================================================== ---- src/lib/crypto/t_short.c (revision 0) -+++ src/lib/crypto/t_short.c (revision 0) -@@ -0,0 +1,126 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -+/* -+ * lib/crypto/crypto_tests/t_short.c -+ * -+ * Copyright (C) 2009 by the Massachusetts Institute of Technology. -+ * All rights reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. Furthermore if you modify this software you must label -+ * your software as modified software and not distribute it in such a -+ * fashion that it might be confused with the original M.I.T. software. -+ * M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * Tests the outcome of decrypting overly short tokens. This program can be -+ * run under a tool like valgrind to detect bad memory accesses; when run -+ * normally by the test suite, it verifies that each operation returns -+ * KRB5_BAD_MSIZE. -+ */ -+ -+#include "k5-int.h" -+ -+krb5_enctype interesting_enctypes[] = { -+ ENCTYPE_DES_CBC_CRC, -+ ENCTYPE_DES_CBC_MD4, -+ ENCTYPE_DES_CBC_MD5, -+ ENCTYPE_DES3_CBC_SHA1, -+ ENCTYPE_ARCFOUR_HMAC, -+ ENCTYPE_ARCFOUR_HMAC_EXP, -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+ 0 -+}; -+ -+/* Abort if an operation unexpectedly fails. */ -+static void -+x(krb5_error_code code) -+{ -+ if (code != 0) -+ abort(); -+} -+ -+/* Abort if a decrypt operation doesn't have the expected result. */ -+static void -+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) -+{ -+ if (len < min_len) { -+ /* Undersized tokens should always result in BAD_MSIZE. */ -+ if (code != KRB5_BAD_MSIZE) -+ abort(); -+ } else { -+ /* Min-size tokens should succeed or fail the integrity check. */ -+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY) -+ abort(); -+ } -+} -+ -+static void -+test_enctype(krb5_enctype enctype) -+{ -+ krb5_error_code ret; -+ krb5_keyblock keyblock; -+ krb5_enc_data input; -+ krb5_data output; -+ krb5_crypto_iov iov[2]; -+ unsigned int dummy; -+ size_t min_len, len; -+ -+ printf("Testing enctype %d\n", (int) enctype); -+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); -+ x(krb5_c_make_random_key(NULL, enctype, &keyblock)); -+ input.enctype = enctype; -+ -+ /* Try each length up to the minimum length. */ -+ for (len = 0; len <= min_len; len++) { -+ input.ciphertext.data = calloc(len, 1); -+ input.ciphertext.length = len; -+ output.data = calloc(len, 1); -+ output.length = len; -+ -+ /* Attempt a normal decryption. */ -+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output); -+ check_decrypt_result(ret, len, min_len); -+ -+ if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER, -+ &dummy) == 0) { -+ /* Attempt an IOV stream decryption. */ -+ iov[0].flags = KRB5_CRYPTO_TYPE_STREAM; -+ iov[0].data = input.ciphertext; -+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[1].data.data = NULL; -+ iov[1].data.length = 0; -+ ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2); -+ check_decrypt_result(ret, len, min_len); -+ } -+ -+ free(input.ciphertext.data); -+ free(output.data); -+ } -+} -+ -+int -+main(int argc, char **argv) -+{ -+ int i; -+ krb5_data notrandom; -+ -+ notrandom.data = "notrandom"; -+ notrandom.length = 9; -+ krb5_c_random_seed(NULL, ¬random); -+ for (i = 0; interesting_enctypes[i]; i++) -+ test_enctype(interesting_enctypes[i]); -+ return 0; -+} -Index: src/lib/crypto/old/old_decrypt.c -=================================================================== ---- src/lib/crypto/old/old_decrypt.c (revision 23398) -+++ src/lib/crypto/old/old_decrypt.c (working copy) -@@ -45,8 +45,10 @@ - blocksize = enc->block_size; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hashsize || input->length % blocksize != 0) -+ return(KRB5_BAD_MSIZE); - plainsize = input->length - blocksize - hashsize; -- - if (arg_output->length < plainsize) - return(KRB5_BAD_MSIZE); - diff --git a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch b/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch deleted file mode 100644 index 310963c2390a..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch +++ /dev/null @@ -1,48 +0,0 @@ -Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c -+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in, - return (NULL); - - input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes); -- if ((int)input_token->length == -1) { -+ if ((int)input_token->length == -1 || -+ input_token->length > buff_length) { - free(input_token); - return (NULL); - } -Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c -+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu - - asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) - { -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - subbuf->base = subbuf->next = buf->next; - if (!indef) { -+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - subbuf->bound = subbuf->base + length - 1; -- if (subbuf->bound > buf->bound) -- return ASN1_OVERRUN; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; -@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; -@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; diff --git a/app-crypt/mit-krb5/files/CVE-2009-0846.patch b/app-crypt/mit-krb5/files/CVE-2009-0846.patch deleted file mode 100644 index efbb9af889ee..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2009-0846.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/lib/krb5/asn.1/asn1_decode.c -b/src/lib/krb5/asn.1/asn1_decode.c -index aa4be32..5f7461d 100644 ---- a/src/lib/krb5/asn.1/asn1_decode.c -+++ b/src/lib/krb5/asn.1/asn1_decode.c -@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) - - if(length != 15) return ASN1_BAD_LENGTH; - retval = asn1buf_remove_charstring(buf,15,&s); -+ if (retval) return retval; - /* Time encoding: YYYYMMDDhhmmssZ */ - if(s[14] != 'Z') { - free(s); -diff --git a/src/tests/asn.1/krb5_decode_test.c -b/src/tests/asn.1/krb5_decode_test.c -index 0ff9343..1c427d1 100644 ---- a/src/tests/asn.1/krb5_decode_test.c -+++ b/src/tests/asn.1/krb5_decode_test.c -@@ -485,5 +485,21 @@ int main(argc, argv) - ktest_destroy_keyblock(&(ref.subkey)); - ref.seq_number = 0; - decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); -+ -+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40"); -+ if (retval) { -+ com_err("krb5_decode_test", retval, "while parsing"); -+ exit(1); -+ } -+ retval = decode_krb5_ap_rep_enc_part(&code, &var); -+ if (retval != ASN1_OVERRUN) { -+ printf("ERROR: "); -+ } else { -+ printf("OK: "); -+ } -+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n"); -+ krb5_free_data_contents(test_context, &code); -+ krb5_free_ap_rep_enc_part(test_context, var); -+ - ktest_empty_ap_rep_enc_part(&ref); - } diff --git a/app-crypt/mit-krb5/files/CVE-2010-1320.patch b/app-crypt/mit-krb5/files/CVE-2010-1320.patch deleted file mode 100644 index bb6261f48144..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2010-1320.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c -index b2f0655..76ca94a 100644 ---- a/src/kdc/do_tgs_req.c -+++ b/src/kdc/do_tgs_req.c -@@ -543,6 +543,7 @@ tgt_again: - to the caller */ - ticket_reply = *(header_ticket); - enc_tkt_reply = *(header_ticket->enc_part2); -+ enc_tkt_reply.authorization_data = NULL; - clear(enc_tkt_reply.flags, TKT_FLG_INVALID); - } - -@@ -554,6 +555,7 @@ tgt_again: - to the caller */ - ticket_reply = *(header_ticket); - enc_tkt_reply = *(header_ticket->enc_part2); -+ enc_tkt_reply.authorization_data = NULL; - - old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; - diff --git a/app-crypt/mit-krb5/files/CVE-2010-1321.patch b/app-crypt/mit-krb5/files/CVE-2010-1321.patch deleted file mode 100644 index 7f9f7a4c94af..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2010-1321.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c -index ce3075f..6241055 100644 ---- a/src/lib/gssapi/krb5/accept_sec_context.c -+++ b/src/lib/gssapi/krb5/accept_sec_context.c -@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle, - } - #endif - -+ if (authdat->checksum == NULL) { -+ /* missing checksum counts as "inappropriate type" */ -+ code = KRB5KRB_AP_ERR_INAPP_CKSUM; -+ major_status = GSS_S_FAILURE; -+ goto fail; -+ } -+ - if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { - /* Samba does not send 0x8003 GSS-API checksums */ - krb5_boolean valid; diff --git a/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch b/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch deleted file mode 100644 index b2ec6df1af5e..000000000000 --- a/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch +++ /dev/null @@ -1,71 +0,0 @@ ---- src/lib/rpc/svc.c (revision 1666) -+++ src/lib/rpc/svc.c (local) -@@ -109,15 +109,17 @@ - if (sock < FD_SETSIZE) { - xports[sock] = xprt; - FD_SET(sock, &svc_fdset); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #else - if (sock < NOFILE) { - xports[sock] = xprt; - svc_fds |= (1 << sock); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #endif /* def FD_SETSIZE */ -- if (sock > svc_maxfd) -- svc_maxfd = sock; - } - - /* ---- src/lib/rpc/svc_tcp.c (revision 1666) -+++ src/lib/rpc/svc_tcp.c (local) -@@ -54,6 +54,14 @@ - extern errno; - */ - -+#ifndef FD_SETSIZE -+#ifdef NBBY -+#define NOFILE (sizeof(int) * NBBY) -+#else -+#define NOFILE (sizeof(int) * 8) -+#endif -+#endif -+ - /* - * Ops vector for TCP/IP based rpc service handle - */ -@@ -221,6 +221,19 @@ - register SVCXPRT *xprt; - register struct tcp_conn *cd; - -+#ifdef FD_SETSIZE -+ if (fd >= FD_SETSIZE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#else -+ if (fd >= NOFILE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#endif - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == (SVCXPRT *)NULL) { - (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); -@@ -271,6 +292,10 @@ - * make a new transporter (re-uses xprt) - */ - xprt = makefd_xprt(sock, r->sendsize, r->recvsize); -+ if (xprt == NULL) { -+ close(sock); -+ return (FALSE); -+ } - xprt->xp_raddr = addr; - xprt->xp_addrlen = len; - xprt->xp_laddr = laddr; - diff --git a/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch b/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch deleted file mode 100644 index ad2adc1dd0dc..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- krb5-1.4/src/clients/ksu/Makefile.in.orig 2004-04-29 18:51:10.000000000 -0400 -+++ krb5-1.4/src/clients/ksu/Makefile.in 2005-04-28 16:51:37.000000000 -0400 -@@ -8,6 +8,7 @@ - PROG_RPATH=$(KRB5_LIBDIR) - - KSU_LIBS=@KSU_LIBS@ -+LAZY_LDFLAGS=-Wl,-z,now - - SRCS = \ - $(srcdir)/krb_auth_su.c \ -@@ -28,7 +29,7 @@ - all:: ksu - - ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) -- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) -+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(LAZY_LDFLAGS) - - clean:: - $(RM) ksu |