git: 9b45d8eddfac - releng/13.2 - pam_krb5: Add missing patch
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 01 Aug 2023 20:04:15 UTC
The branch releng/13.2 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=9b45d8eddfac906d9f78a84a9954f74c222a4ee2
commit 9b45d8eddfac906d9f78a84a9954f74c222a4ee2
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-07-08 03:09:18 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-01 19:50:30 +0000
pam_krb5: Add missing patch
Include a portion of the patch that was missed in 813847e49e35.
Reported by: markj
Fixes: 813847e49e35
(cherry picked from commit bfa51318dee8afd9307f15e49a6a521938dccd06)
(cherry picked from commit d295e418ae7e60d87af6576ecdfad41a98d7442c)
Approved by: so
Security: FreeBSD-SA-23:09.pam_krb5
Security: CVE-2023-3326
---
lib/libpam/modules/pam_krb5/pam_krb5.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 3972479a581f..3c7976297ed2 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -938,18 +938,6 @@ verify_krb_v5_tgt_begin(krb5_context context, char *pam_service, int debug,
continue;
break;
}
- if (retval != 0) { /* failed to find key */
- /* Keytab or service key does not exist */
- if (debug) {
- const char *msg = krb5_get_error_message(context,
- retval);
- syslog(LOG_DEBUG,
- "pam_krb5: verify_krb_v5_tgt(): %s: %s",
- "krb5_kt_read_service_key()", msg);
- krb5_free_error_message(context, msg);
- }
- retval = 0;
- }
if (keyblock)
krb5_free_keyblock(context, keyblock);