diff options
Diffstat (limited to 'security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c')
-rw-r--r-- | security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c new file mode 100644 index 00000000000..4d09543ce03 --- /dev/null +++ b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c @@ -0,0 +1,24 @@ +$NetBSD: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c,v 1.1 2013/02/28 14:19:36 tez Exp $ + +Patch for CVE-2013-1415 from +http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570 + +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-02-27 22:15:40.286439500 +0000 ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte + pkiDebug("found kdcPkId in AS REQ\n"); + is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len); + if (is == NULL) +- goto cleanup; ++ return retval; + + status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer); + if (!status) { +@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte + } + + retval = 0; +-cleanup: + X509_NAME_free(is->issuer); + ASN1_INTEGER_free(is->serial); + free(is); |