guix/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
Mark H Weaver ff45a00e79 gnu: mit-krb5: Add fixes for CVE-2015-{2695,2696,2697,2698}.
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2696.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2697.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/mit-krb5.scm (mit-krb5)[native-inputs]: Add patches.
2015-11-13 12:42:47 -05:00

66 lines
2.1 KiB
Diff

Copied from Debian.
From 18c512ebdcc5cacc777e9dbcc6817f83c301ad93 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 Nov 2015 21:29:10 -0500
Subject: Fix SPNEGO context import
The patches for CVE-2015-2695 did not implement a SPNEGO
gss_import_sec_context() function, under the erroneous belief than an
exported SPNEGO context would be tagged with the underlying context
mechanism. Implement it now to allow SPNEGO contexts to be
successfully exported and imported after establishment.
ticket: 8273
(cherry picked from commit fbb565f913c52eba9bea82f1694aba7a8c90e93d)
Patch-Category: upstream
---
src/lib/gssapi/spnego/spnego_mech.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index a1072b0..02284a1 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -2256,12 +2256,33 @@ spnego_gss_import_sec_context(
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
{
- /*
- * Until we implement partial context exports, there are no SPNEGO
- * exported context tokens, only tokens for underlying mechs. So just
- * return an error for now.
- */
- return GSS_S_UNAVAILABLE;
+ OM_uint32 ret, tmpmin;
+ gss_ctx_id_t mctx;
+ spnego_gss_ctx_id_t sc;
+ int initiate, opened;
+
+ ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
+
+ ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
+ &initiate, &opened);
+ if (ret != GSS_S_COMPLETE || !opened) {
+ /* We don't currently support importing partially established
+ * contexts. */
+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+ return GSS_S_FAILURE;
+ }
+
+ sc = create_spnego_ctx(initiate);
+ if (sc == NULL) {
+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+ return GSS_S_FAILURE;
+ }
+ sc->ctx_handle = mctx;
+ sc->opened = 1;
+ *context_handle = (gss_ctx_id_t)sc;
+ return GSS_S_COMPLETE;
}
#endif /* LEAN_CLIENT */