head	1.2;
access;
symbols
	pkgsrc-2015Q4:1.1.0.8
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.6
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.4
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.2
	pkgsrc-2015Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.03.15.15.16.39;	author tez;	state dead;
branches;
next	1.1;
commitid	vfGyRvS5ID9EDKYy;

1.1
date	2015.02.25.22.28.58;	author tez;	state Exp;
branches;
next	;
commitid	gZ9MRsbsAuA2nrby;


desc
@@


1.2
log
@Update to 1.14.1 resolving all reported vulnerabilities including:
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
@
text
@$NetBSD: patch-CVE-2014-5355,v 1.1 2015/02/25 22:28:58 tez Exp $

Patch for CVE-2014-5355 from:
https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec


--- ./appl/user_user/server.c.orig	2015-02-25 21:22:16.608302700 +0000
+++ ./appl/user_user/server.c
@@@@ -113,8 +113,10 @@@@ int main(argc, argv)
     }
 #endif
 
+    /* principal name must be sent null-terminated. */
     retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
-    if (retval) {
+    if (retval || pname_data.length == 0 ||
+        pname_data.data[pname_data.length - 1] != '\0') {
         com_err ("uu-server", retval, "reading pname");
         return 2;
     }

--- ./lib/krb5/krb/recvauth.c.orig	2015-02-25 21:24:52.754211700 +0000
+++ ./lib/krb5/krb/recvauth.c
@@@@ -59,6 +59,7 @@@@ recvauth_common(krb5_context context,
     krb5_rcache           rcache = 0;
     krb5_octet            response;
     krb5_data             null_server;
+    krb5_data             d;
     int                   need_error_free = 0;
     int                   local_rcache = 0, local_authcon = 0;
 
@@@@ -77,7 +78,8 @@@@ recvauth_common(krb5_context context,
          */
         if ((retval = krb5_read_message(context, fd, &inbuf)))
             return(retval);
-        if (strcmp(inbuf.data, sendauth_version)) {
+        d = make_data((char *)sendauth_version, strlen(sendauth_version) + 1);
+        if (!data_eq(inbuf, d)) {
             problem = KRB5_SENDAUTH_BADAUTHVERS;
             response = 1;
         }
@@@@ -93,8 +95,9 @@@@ recvauth_common(krb5_context context,
      */
     if ((retval = krb5_read_message(context, fd, &inbuf)))
         return(retval);
-    if (appl_version && strcmp(inbuf.data, appl_version)) {
-        if (!problem) {
+    if (appl_version != NULL && !problem) {
+        d = make_data(appl_version, strlen(appl_version) + 1);
+        if (!data_eq(inbuf, d)) {
             problem = KRB5_SENDAUTH_BADAPPLVERS;
             response = 2;
         }
@


1.1
log
@Backported fixes for:
http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
and:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
and
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
 (also apparently known as SA62976)
@
text
@d1 1
a1 1
$NetBSD$
@