summaryrefslogtreecommitdiff
path: root/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c')
-rw-r--r--security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
new file mode 100644
index 00000000000..4d09543ce03
--- /dev/null
+++ b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c,v 1.1 2013/02/28 14:19:36 tez Exp $
+
+Patch for CVE-2013-1415 from
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
+
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-02-27 22:15:40.286439500 +0000
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte
+ pkiDebug("found kdcPkId in AS REQ\n");
+ is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
+ if (is == NULL)
+- goto cleanup;
++ return retval;
+
+ status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
+ if (!status) {
+@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte
+ }
+
+ retval = 0;
+-cleanup:
+ X509_NAME_free(is->issuer);
+ ASN1_INTEGER_free(is->serial);
+ free(is);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-17 05:14:53 +0000