git: abe05d13d575 - releng/12.4 - pam_krb5: Add missing patch
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 01 Aug 2023 20:06:24 UTC
The branch releng/12.4 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=abe05d13d575f0299653067614169460d33aab13
commit abe05d13d575f0299653067614169460d33aab13
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-07-08 03:09:18 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-01 19:46:53 +0000
pam_krb5: Add missing patch
Include a portion of the patch that was missed in 813847e49e35.
Reported by: markj
Fixes: 813847e49e35
(cherry picked from commit bfa51318dee8afd9307f15e49a6a521938dccd06)
(cherry picked from commit 6edaf8c7aeada2ab6b84c8ce56fc179d5cf2eecd)
Approved by: so
Security: FreeBSD-SA-23:09.pam_krb5
Security: CVE-2023-3326
---
lib/libpam/modules/pam_krb5/pam_krb5.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 3972479a581f..3c7976297ed2 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -938,18 +938,6 @@ verify_krb_v5_tgt_begin(krb5_context context, char *pam_service, int debug,
continue;
break;
}
- if (retval != 0) { /* failed to find key */
- /* Keytab or service key does not exist */
- if (debug) {
- const char *msg = krb5_get_error_message(context,
- retval);
- syslog(LOG_DEBUG,
- "pam_krb5: verify_krb_v5_tgt(): %s: %s",
- "krb5_kt_read_service_key()", msg);
- krb5_free_error_message(context, msg);
- }
- retval = 0;
- }
if (keyblock)
krb5_free_keyblock(context, keyblock);