[packages] krb5: MIT krb5 Security Advisory 2011-002 (CVE-2011-0281, CVE-2011-0283)
1 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
2 index 1ca09b4..60caf3d 100644
3 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
4 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
5 @@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
6 #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
7
8 #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \
9 - do { \
10 - st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
11 - if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
12 - tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
13 - if (ldap_server_handle) \
14 - ld = ldap_server_handle->ldap_handle; \
15 - } \
16 - }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
17 + tempst = 0; \
18 + st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \
19 + NULL, &timelimit, LDAP_NO_LIMIT, &result); \
20 + if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
21 + tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
22 + if (ldap_server_handle) \
23 + ld = ldap_server_handle->ldap_handle; \
24 + if (tempst == 0) \
25 + st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \
26 + NULL, NULL, &timelimit, \
27 + LDAP_NO_LIMIT, &result); \
28 + } \
29 \
30 if (status_check != IGNORE_STATUS) { \
31 if (tempst != 0) { \
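Review bot: The retry `st = ldap_search_ext_s(...)` inside the new `if (tempst == 0)` branch overwrites `result` without releasing whatever the first call stored there; libldap's synchronous search can return a partial result set together with a non-success code, so on every rebind the first message would be leaked. Before the second call I would add `if (result) { ldap_msgfree(result); result = NULL; }`, which assumes the caller initializes `result` to NULL as the search caller visible later in this patch does. The macro body continues past the hunk (the `if (status_check != IGNORE_STATUS)` tail), so the status handling after the retry could not be reviewed here.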
32 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
33 index 82b0333..84e80ee 100644
34 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
35 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
36 @@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
37 {
38 krb5_ldap_server_handle *handle = *ldap_server_handle;
39
40 + ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
41 if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
42 || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
43 return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
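Review bot: The added `ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL)` runs unconditionally, but the very next line shows that `ldap_initialize` can fail, and the handle object is then passed on to `krb5_ldap_request_next_handle_from_pool` with whatever `ldap_initialize` left in `handle->ldap_handle` (as far as I recall libldap resets the out-pointer to NULL before creating the new connection); if such a handle is ever rebound again, this call hands a NULL or stale `LDAP *` to libldap. Likewise, when `ldap_initialize` succeeds but `krb5_ldap_bind` fails, the freshly created connection is neither unbound nor cleared. I would guard and reset: `if (handle->ldap_handle != NULL) ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);` followed by `handle->ldap_handle = NULL;`, and unbind again on the bind-failure path before falling through to the pool. Whether a handle can actually reach this path twice depends on the pool code, which is outside the hunk, as is the function's tail.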
44 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
45 index f549e23..b70940f 100644
46 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
47 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
48 @@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
49 * portion, then the first portion of the principal name SHOULD be
50 * "krbtgt". All this check is done in the immediate block.
51 */
52 - if (searchfor->length == 2)
53 - if ((strncasecmp(searchfor->data[0].data, "krbtgt",
54 - FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
55 - (strncasecmp(searchfor->data[1].data, defrealm,
56 - FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
57 + if (searchfor->length == 2) {
58 + if (data_eq_string(searchfor->data[0], "krbtgt") &&
59 + data_eq_string(searchfor->data[1], defrealm))
60 return 0;
61 + }
62
63 /* first check the length, if they are not equal, then they are not same */
64 if (strlen(defrealm) != searchfor->realm.length)
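Review bot: Replacing `strncasecmp` with `data_eq_string` also changes the krbtgt/realm test from case-insensitive to exact byte comparison, and nothing in the hunk records that this is intentional; the comment above the block still only says the first component "SHOULD be krbtgt". The realm check that follows, `strlen(defrealm) != searchfor->realm.length`, is already exact, so the new behaviour is consistent with it, but I would state that: `/* Exact, length-bounded comparison: krb5_data is not NUL-terminated and principal components are case-sensitive. */`. `is_principal_in_realm` begins before the hunk.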
65 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
66 index 7ad31da..626ed1f 100644
67 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
68 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
69 @@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
70 unsigned int flags, krb5_db_entry *entries,
71 int *nentries, krb5_boolean *more)
72 {
73 - char *user=NULL, *filter=NULL, **subtree=NULL;
74 + char *user=NULL, *filter=NULL, *filtuser=NULL;
75 unsigned int tree=0, ntrees=1, princlen=0;
76 krb5_error_code tempst=0, st=0;
77 - char **values=NULL, *cname=NULL;
78 + char **values=NULL, **subtree=NULL, *cname=NULL;
79 LDAP *ld=NULL;
80 LDAPMessage *result=NULL, *ent=NULL;
81 krb5_ldap_context *ldap_context=NULL;
82 @@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
83 if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
84 goto cleanup;
85
86 - princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */
87 + filtuser = ldap_filter_correct(user);
88 + if (filtuser == NULL) {
89 + st = ENOMEM;
90 + goto cleanup;
91 + }
92 +
93 + princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */
94 if ((filter = malloc(princlen)) == NULL) {
95 st = ENOMEM;
96 goto cleanup;
97 }
98 - snprintf(filter, princlen, FILTER"%s))", user);
99 + snprintf(filter, princlen, FILTER"%s))", filtuser);
100
101 if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
102 goto cleanup;
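Review bot: The size arithmetic in `princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1` has to stay in lock-step with the literal `FILTER"%s))"` used in the `snprintf` a few lines below; if either is edited on its own the format is silently truncated and the directory is searched with a different filter than intended. The `snprintf` return value is not checked, so I would either check it, `if (snprintf(filter, princlen, FILTER"%s))", filtuser) >= (int)princlen) { st = EINVAL; goto cleanup; }`, or build the filter with `asprintf` and drop the hand-counted length altogether. The `st = ENOMEM` after `ldap_filter_correct` assumes a NULL return can only mean allocation failure, which I cannot confirm from here; a one-line comment on that assumption would help the next reader. The function's `cleanup` label is in a later hunk.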
103 @@ -231,6 +237,9 @@ cleanup:
104 if (user)
105 free(user);
106
107 + if (filtuser)
108 + free(filtuser);
109 +
110 if (cname)
111 free(cname);
112