From 6343af09ffaea606865d262f2f56964764689479 Mon Sep 17 00:00:00 2001 From: yanshuai01 Date: Thu, 27 Jun 2024 17:07:27 +0800 Subject: [PATCH] fix leak in KDC NDR encoding (cherry picked from commit 35c0952c99a9d572ac50ead2a93966b08c0c310b) --- fix-leak-in-KDC-NDR-encoding.patch | 42 ++++++++++++++++++++++++++++++ krb5.spec | 6 ++++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 fix-leak-in-KDC-NDR-encoding.patch diff --git a/fix-leak-in-KDC-NDR-encoding.patch b/fix-leak-in-KDC-NDR-encoding.patch new file mode 100644 index 0000000..cca5d25 --- /dev/null +++ b/fix-leak-in-KDC-NDR-encoding.patch @@ -0,0 +1,42 @@ +From 0c2de238b5bf1ea4578e3933a604c7850905b8be Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 5 Mar 2024 17:38:49 -0500 +Subject: [PATCH] Fix leak in KDC NDR encoding + +If the KDC tries to encode a principal containing encode invalid UTF-8 +sequences for inclusion in a PAC delegation info buffer, it will leak +a small amount of memory in enc_wchar_pointer() before failing. Fix +the leak. + +(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe) + +ticket: 9115 +version_fixed: 1.21.3 + +--- + src/kdc/ndr.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c +index 48395ab..d438408 100644 +--- a/src/kdc/ndr.c ++++ b/src/kdc/ndr.c +@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out) + size_t utf16len, num_wchars; + uint8_t *utf16; + +- k5_buf_init_dynamic(&b); +- + ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len); + if (ret) + return ret; + + num_wchars = utf16len / 2; + ++ k5_buf_init_dynamic(&b); + k5_buf_add_uint32_le(&b, num_wchars + 1); + k5_buf_add_uint32_le(&b, 0); + k5_buf_add_uint32_le(&b, num_wchars); +-- +2.27.0 + diff --git a/krb5.spec b/krb5.spec index 138e211..c5bb579 100644 --- a/krb5.spec +++ b/krb5.spec 
@@ -3,7 +3,7 @@ Name: krb5 Version: 1.21.2 -Release: 5 +Release: 6 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -32,6 +32,7 @@ Patch8: backport-Fix-unimportant-memory-leaks.patch Patch9: backport-Remove-klist-s-defname-global-variable.patch Patch10: backport-Fix-two-unlikely-memory-leaks.patch Patch11: backport-Allow-modifications-of-empty-profiles.patch +Patch12: fix-leak-in-KDC-NDR-encoding.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc @@ -330,6 +331,9 @@ make -C src check || : %{_mandir}/man8/* %changelog +* Thu Jun 27 2024 yanshuai - 1.21.2-6 +- Fix leak in KDC NDR encoding + * Tue Jun 18 2024 gengqihu - 1.21.2-5 - backport patches from upstream -- Gitee
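Review bot: in the src/kdc/ndr.c hunk for enc_wchar_pointer(), the visible context ends at the third k5_buf_add_uint32_le() call, so the remaining exit paths of the function are not covered by this review. With k5_buf_init_dynamic(&b) moved below the k5_utf8_to_utf16le() check, the early "return ret" no longer has a buffer to leak, but please confirm that every later return releases both b and utf16. A KDC test that encodes a principal with an invalid UTF-8 sequence under a leak checker would guard against this regressing.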
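Review bot: in the krb5.spec hunk at line 32, the new entry "Patch12: fix-leak-in-KDC-NDR-encoding.patch" drops the "backport-" prefix that Patch8 through Patch11 carry, although the embedded patch header marks it as a cherry-pick of upstream commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe. Consider naming it backport-Fix-leak-in-KDC-NDR-encoding.patch so that upstream backports stay distinguishable from local changes in the patch list.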
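Review bot: in the krb5.spec %changelog hunk, the 1.21.2-6 entry says only "Fix leak in KDC NDR encoding" and does not record where the fix came from. The patch header carries "ticket: 9115" and "version_fixed: 1.21.3"; adding the ticket number or the upstream commit to the changelog line would let anyone auditing the package trace the fix without opening the patch file.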