From 9b622f53e6cc6ae4da11bd9c6977d09c9192acbf Mon Sep 17 00:00:00 2001 From: tez Date: Tue, 21 Apr 2009 18:58:17 +0000 Subject: Add patches for CVE-2009-0846 & CVE-2009-0847 approved by agc --- security/mit-krb5/Makefile | 4 ++-- security/mit-krb5/distinfo | 5 ++++- security/mit-krb5/patches/patch-bn | 32 ++++++++++++++++++++++++++++++++ security/mit-krb5/patches/patch-bo | 10 ++++++++++ security/mit-krb5/patches/patch-bp | 25 +++++++++++++++++++++++++ 5 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 security/mit-krb5/patches/patch-bn create mode 100644 security/mit-krb5/patches/patch-bo create mode 100644 security/mit-krb5/patches/patch-bp (limited to 'security/mit-krb5') diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 6f5d1db5b57..491fe31be23 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.44 2008/12/11 09:42:25 wiz Exp $ +# $NetBSD: Makefile,v 1.45 2009/04/21 18:58:17 tez Exp $ DISTNAME= krb5-1.4.2 PKGNAME= mit-${DISTNAME:S/-signed$//} -PKGREVISION= 7 +PKGREVISION= 8 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/ DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index dbd61f07be4..a2121326989 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2008/12/11 09:42:25 wiz Exp $ +$NetBSD: distinfo,v 1.22 2009/04/21 18:58:17 tez Exp $ SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f @@ -42,3 +42,6 @@ SHA1 (patch-bj) = d0deae92b8b4d9ad671c98ccb3debd7a4216f646 SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4 SHA1 (patch-bm) = d8e46f448fa4a51e3b8a42279cf1ab54b0598dd3 +SHA1 (patch-bn) = 82c6f98474f31e1e231d3e89d6a24e20ec7fd123 +SHA1 (patch-bo) = dcfeab32537f8b89e3ed6a52a69601e3e7822e35 +SHA1 (patch-bp) = 5308176a1229b5ac0d0f24eb2f657fdf48935f80 diff --git a/security/mit-krb5/patches/patch-bn b/security/mit-krb5/patches/patch-bn new file mode 100644 index 00000000000..32528119801 --- /dev/null +++ b/security/mit-krb5/patches/patch-bn @@ -0,0 +1,32 @@ +--- lib/krb5/asn.1/asn1buf.c.orig 2009-04-17 16:07:27.348357800 -0500 ++++ lib/krb5/asn.1/asn1buf.c 2009-04-17 16:23:10.726869700 -0500 +@@ -78,11 +78,11 @@ + + asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) + { ++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; + subbuf->base = subbuf->next = buf->next; + if (!indef) { ++ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; + subbuf->bound = subbuf->base + length - 1; +- if (subbuf->bound > buf->bound) +- return ASN1_OVERRUN; + } else /* constructed indefinite */ + subbuf->bound = buf->bound; + return 0; +@@ -200,6 +200,7 @@ + { + int i; + ++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; + if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len == 0) { + *s = 0; +@@ -218,6 +219,7 @@ + { + int i; + ++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; + if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len == 0) { + *s = 0; diff --git a/security/mit-krb5/patches/patch-bo b/security/mit-krb5/patches/patch-bo new file mode 100644 index 00000000000..4e6939c92f3 --- /dev/null +++ b/security/mit-krb5/patches/patch-bo @@ -0,0 +1,10 @@ +--- lib/krb5/asn.1/asn1_decode.c.orig 2009-04-17 16:24:41.318878800 -0500 ++++ lib/krb5/asn.1/asn1_decode.c 2009-04-17 16:25:52.914274500 -0500 +@@ -231,6 +231,7 @@ + + if(length != 15) return ASN1_BAD_LENGTH; + retval = asn1buf_remove_charstring(buf,15,&s); ++ if (retval) return retval; + /* Time encoding: YYYYMMDDhhmmssZ */ + if(s[14] != 'Z') { + free(s); diff --git a/security/mit-krb5/patches/patch-bp b/security/mit-krb5/patches/patch-bp new file mode 100644 index 00000000000..3bc1fb177f0 --- /dev/null +++ b/security/mit-krb5/patches/patch-bp @@ -0,0 +1,25 @@ +--- tests/asn.1/krb5_decode_test.c.orig 2009-04-17 16:25:31.678326000 -0500 ++++ tests/asn.1/krb5_decode_test.c 2009-04-17 16:26:03.499429900 -0500 +@@ -485,6 +485,22 @@ + ktest_destroy_keyblock(&(ref.subkey)); + ref.seq_number = 0; + decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); ++ ++ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40"); ++ if (retval) { ++ com_err("krb5_decode_test", retval, "while parsing"); ++ exit(1); ++ } ++ retval = decode_krb5_ap_rep_enc_part(&code, &var); ++ if (retval != ASN1_OVERRUN) { ++ printf("ERROR: "); ++ } else { ++ printf("OK: "); ++ } ++ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n"); ++ krb5_free_data_contents(test_context, &code); ++ krb5_free_ap_rep_enc_part(test_context, var); ++ + ktest_empty_ap_rep_enc_part(&ref); + } + -- cgit v1.2.3