diff options
Diffstat (limited to 'testing/krb5/MITKRB5-SA-2012-001.patch')
| -rw-r--r-- | testing/krb5/MITKRB5-SA-2012-001.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/testing/krb5/MITKRB5-SA-2012-001.patch b/testing/krb5/MITKRB5-SA-2012-001.patch deleted file mode 100644 index 938b56570..000000000 --- a/testing/krb5/MITKRB5-SA-2012-001.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c -index 23623fe..8ada9d0 100644 ---- a/src/kdc/do_as_req.c -+++ b/src/kdc/do_as_req.c -@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, - krb5_enctype useenctype; - struct as_req_state *state; - -- state = malloc(sizeof(*state)); -+ state = calloc(sizeof(*state), 1); - if (!state) { - (*respond)(arg, ENOMEM, NULL); - return; -@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, - state->authtime = 0; - state->c_flags = 0; - state->req_pkt = req_pkt; -+ state->inner_body = NULL; - state->rstate = NULL; - state->sname = 0; - state->cname = 0; -diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c -index 9d8cb34..d4ece3f 100644 ---- a/src/kdc/kdc_preauth.c -+++ b/src/kdc/kdc_preauth.c -@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, - continue; - - } -- if (request_contains_enctype(context, request, db_etype)) { -+ if (krb5_is_permitted_enctype(context, db_etype) && -+ request_contains_enctype(context, request, db_etype)) { - retval = _make_etype_info_entry(context, client->princ, - client_key, db_etype, - &entry[i], etype_info2); -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index a43b291..94dad3a 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, - return 0; - pa.magic = KV5M_PA_DATA; - pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; -+ memset(&checksum, 0, sizeof(checksum)); - retval = krb5_c_make_checksum(kdc_context,0, reply_key, - KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum); - if (retval != 0) -diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c -index c4bf92e..367c894 100644 ---- a/src/lib/kdb/kdb_default.c -+++ b/src/lib/kdb/kdb_default.c -@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) - krb5_boolean saw_non_permitted = FALSE; - - ret = 0; -+ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype)) -+ return KRB5_KDB_NO_PERMITTED_KEY; -+ - if (kvno == -1 && stype == -1 && ktype == -1) - kvno = 0; - |