git: 678bdaf21b9a - main - security/heimdal*: Fix NULL dereference when mangled realm message
Date: Thu, 24 Nov 2022 17:27:07 UTC
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=678bdaf21b9a05d99e0aceecd414782926e57ae4 commit 678bdaf21b9a05d99e0aceecd414782926e57ae4 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-11-24 16:37:45 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-11-24 17:22:01 +0000 security/heimdal*: Fix NULL dereference when mangled realm message Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4
---
security/heimdal-devel/Makefile | 2 +- security/heimdal-devel/files/patch-lib_kadm5_marshall.c | 16 ++++++++++++++++ security/heimdal/Makefile | 2 +- security/heimdal/files/patch-kadmin_server.c | 13 +++++++++++++ security/heimdal/files/patch-lib_kadm5_marshall.c | 16 ++++++++++++++++ 5 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile
index 5d03e274c83c..bdd92c199ab5 100644
--- a/security/heimdal-devel/Makefile
+++ b/security/heimdal-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= heimdal
 PORTVERSION= ${HEIMDAL_COMMIT_DATE}
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 PKGNAMESUFFIX= -devel
 HASH= 8f9c2d115
diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
new file mode 100644
index 000000000000..8cc79bafcc8c
--- /dev/null
+++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
@@ -0,0 +1,16 @@
+--- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800
++++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800
+@@ -465,8 +465,12 @@
+ goto out;
+ params->mask = mask;
+
+- if(params->mask & KADM5_CONFIG_REALM)
++ if (params->mask & KADM5_CONFIG_REALM) {
+ ret = krb5_ret_string(sp, ¶ms->realm);
++ if (params->realm == NULL) {
++ ret = EINVAL;
++ }
++ }
+ out:
+ krb5_storage_free(sp);
+
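Review bot: The added `if (params->realm == NULL)` check in lib/kadm5/marshall.c only turns a missing realm into an error return, so it protects nothing unless the caller tests that return value. security/heimdal gets a matching caller check in patch-kadmin_server.c, but heimdal-devel gets no such patch, so it is worth confirming that the devel snapshot's kadmin/server.c already checks the result of what is presumably _kadm5_unmarshal_params(). Separately, the check overwrites whatever krb5_ret_string() returned, so a read or allocation failure would be reported as EINVAL; `if (ret == 0 && params->realm == NULL) ret = EINVAL;` keeps the original code. The same applies to the identical patch-lib_kadm5_marshall.c added under security/heimdal. The enclosing function starts and ends outside the hunk.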
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 3d92a0c2fd3b..93995fde6703 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ diff --git a/security/heimdal/files/patch-kadmin_server.c b/security/heimdal/files/patch-kadmin_server.c new file mode 100644 index 000000000000..d4a2439f3bdb --- /dev/null +++ b/security/heimdal/files/patch-kadmin_server.c @@ -0,0 +1,13 @@ +--- kadmin/server.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ kadmin/server.c 2022-11-24 08:26:55.919761000 -0800 +@@ -787,7 +787,9 @@ + ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms); + if(ret) + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); +- _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); ++ ret = _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); ++ if(ret) ++ krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params"); + } + + initial = ticket->ticket.flags.initial; diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c new file mode 100644 index 000000000000..d02a364d7011 --- /dev/null +++ b/security/heimdal/files/patch-lib_kadm5_marshall.c @@ -0,0 +1,16 @@ +--- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ lib/kadm5/marshall.c 2022-11-24 08:26:55.920305000 -0800 +@@ -409,8 +409,12 @@ + goto out; + params->mask = mask; + +- if(params->mask & KADM5_CONFIG_REALM) ++ if (params->mask & KADM5_CONFIG_REALM) { + ret = krb5_ret_string(sp, ¶ms->realm); ++ if (params->realm == NULL) { ++ ret = EINVAL; ++ } ++ } + out: + krb5_storage_free(sp); +
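Review bot: In patch-kadmin_server.c the new error path calls `krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params")`, which exits the process, on data that comes straight from the client message read just above. That matches the existing krb5_read_priv_message handling and is harmless if each connection is served by its own process, but the hunk does not show that, so it is worth confirming that a single malformed realm message cannot stop the listening daemon. A one-line comment such as `/* params is client-supplied; reject it before realm_params reaches _kadm5_s_init_context() */` would record why the return value must be checked. The enclosing function starts and ends outside the hunk.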