From c6466de442c4c7de7e9e138a8cc9430a2c254dad Mon Sep 17 00:00:00 2001
From: zhangyaqi
Date: Fri, 18 Oct 2024 07:36:49 +0800
Subject: [PATCH] Fix memory leak in PAC checksum verification
(cherry picked from commit 85566df5d12a640da947d334d76dd8ce576941ed)
---
...ry-leak-in-PAC-checksum-verification.patch | 39 +++++++++++++++++++
krb5.spec | 6 ++-
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644 backport-Fix-memory-leak-in-PAC-checksum-verification.patch
diff --git a/backport-Fix-memory-leak-in-PAC-checksum-verification.patch b/backport-Fix-memory-leak-in-PAC-checksum-verification.patch
new file mode 100644
index 0000000..1fd4448
--- /dev/null
+++ b/backport-Fix-memory-leak-in-PAC-checksum-verification.patch
@@ -0,0 +1,39 @@
+From c03ac354436a7182962b4987d318a86cb7ac558b Mon Sep 17 00:00:00 2001
+From: Arjun
+Date: Fri, 11 Oct 2024 00:55:59 +0530
+Subject: [PATCH] Fix memory leak in PAC checksum verification
+
+If the server checksum length is invalid, do proper cleanup in
+verify_pac_checksums() before returning.
+
+[ghudson@mit.edu: edited commit message]
+
+ticket: 9143 (new)
+tags: pullup
+target_version: 1.21-next
+---
+ src/lib/krb5/krb/pac.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
+index 5d1fdf1..77adcd2 100644
+--- a/src/lib/krb5/krb/pac.c
++++ b/src/lib/krb5/krb/pac.c
+@@ -557,9 +557,11 @@ verify_pac_checksums(krb5_context context, const krb5_pac pac,
+ ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+ &server_checksum);
+ if (ret)
+- return ret;
+- if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
+- return KRB5_BAD_MSIZE;
++ goto cleanup;
++ if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) {
++ ret = KRB5_BAD_MSIZE;
++ goto cleanup;
++ }
+ server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
+ server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
+
+--
+2.27.0
+
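Review bot: Nothing in the backported pac.c hunk shows that `cleanup` is safe to reach from the first early exit, where k5_pac_locate_buffer() has just failed. The label and the declarations of verify_pac_checksums() lie outside the hunk, so please confirm against the 1.21.2 tree this patch is applied to that everything released there is already initialised at that point. The length check is also what keeps the following `server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;` from wrapping on a short buffer (assuming an unsigned length, as in krb5_data), so a one-line comment above it would help, e.g. `/* Reject a short signature buffer before skipping its header. */`. Since a PAC is carried in a ticket, the old leak was presumably reachable with malformed input, and a regression test feeding a truncated server checksum under a leak checker would pin the fix. Note that the spec's `make -C src check || :` would not fail the build if such a test regressed.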
diff --git a/krb5.spec b/krb5.spec index 2136d3d..6338e5b 100644 --- a/krb5.spec +++ b/krb5.spec @@ -3,7 +3,7 @@ Name: krb5 Version: 1.21.2 -Release: 8 +Release: 9 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -38,6 +38,7 @@ Patch14: backport-Fix-Python-regexp-literals.patch Patch15: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch Patch16: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch Patch17: backport-Change-krb5_get_credentials-endtime-behavior.patch +Patch18: backport-Fix-memory-leak-in-PAC-checksum-verification.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc @@ -336,6 +337,9 @@ make -C src check || : %{_mandir}/man8/* %changelog +* Sun Oct 27 2024 zhangyaqi - 1.21.2-9 +- Fix memory leak in PAC checksum verification + * Tue Jul 23 2024 zhangxingrong - 1.21.2-8 - Change krb5_get_credentials() endtime behavior -- Gitee