Add patch for CVE-2014-5351 from:

 http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
 https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff

3 files changed, 55 insertions, 3 deletions

diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 15233677abb..61a45bb4e12 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.76 2014/08/28 22:23:05 tez Exp $
+# $NetBSD: Makefile,v 1.77 2014/11/25 23:40:49 tez Exp $
 
 DISTNAME=	krb5-1.10.7
 PKGNAME=	mit-${DISTNAME}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=	.tar
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index ccc9b532649..abeb8602a2c 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.48 2014/08/28 22:23:05 tez Exp $
+$NetBSD: distinfo,v 1.49 2014/11/25 23:40:49 tez Exp $
 
 SHA1 (2014-001-patch.txt) = 919402bf3b7c289e847e9adc03a7c30f26966769
 RMD160 (2014-001-patch.txt) = a39c8e12e79ab273d562b04c1e7811c414dd70e8
@@ -9,6 +9,7 @@ Size (krb5-1.10.7-signed.tar) = 11632640 bytes
 SHA1 (patch-CVE-2014-4341) = 97b316fb3c5dfc626827a13baa5dcf623d67da3c
 SHA1 (patch-CVE-2014-4343) = e7d4604d81671f71c9cd9461b65a9e87b5982baa
 SHA1 (patch-CVE-2014-4344) = b7ae530beaffcf1c095e6f94bdf608b7a140b064
+SHA1 (patch-CVE-2014-5351) = 2948e2a9f7adb97b8cb70bb8f0043c45e5822465
 SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
 SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac
 SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
diff --git a/security/mit-krb5/patches/patch-CVE-2014-5351 b/security/mit-krb5/patches/patch-CVE-2014-5351
new file mode 100644
index 00000000000..49534c6c8b5
--- /dev/null
+++ b/security/mit-krb5/patches/patch-CVE-2014-5351
@@ -0,0 +1,51 @@
+$NetBSD: patch-CVE-2014-5351,v 1.1 2014/11/25 23:40:49 tez Exp $
+
+Patch for CVE-2014-5351 from:
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
+https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
+
+
+--- lib/kadm5/srv/svr_principal.c.orig	2014-11-25 17:09:26.278975276 -0600
++++ lib/kadm5/srv/svr_principal.c	2014-11-25 17:11:45.406746599 -0600
+@@ -200,6 +200,20 @@
+     *passptr = NULL;
+ }
+ 
++/* Return the number of keys with the newest kvno.  Assumes that all key data
++ * with the newest kvno are at the front of the key data array. */
++static int
++count_new_keys(int n_key_data, krb5_key_data *key_data)
++{
++    int n;
++
++    for (n = 1; n < n_key_data; n++) {
++        if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
++            return n;
++    }
++    return n_key_data;
++}
++
+ kadm5_ret_t
+ kadm5_create_principal(void *server_handle,
+                        kadm5_principal_ent_t entry, long mask,
+@@ -1581,7 +1595,7 @@
+     osa_princ_ent_rec           adb;
+     krb5_int32                  now;
+     kadm5_policy_ent_rec        pol;
+-    int                         ret, last_pwd, have_pol = 0;
++    int                         ret, last_pwd, n_new_keys, have_pol = 0;
+     kadm5_server_handle_t       handle = server_handle;
+     krb5_keyblock               *act_mkey;
+ 
+@@ -1667,8 +1681,9 @@
+     kdb->fail_auth_count = 0;
+ 
+     if (keyblocks) {
+-        ret = decrypt_key_data(handle->context,
+-                               kdb->n_key_data, kdb->key_data,
++        /* Return only the new keys added by krb5_dbe_crk. */
++        n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
++        ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
+                                keyblocks, n_keys);
+         if (ret)
+             goto done;