From: ghudson@mit.edu
Subject: git commit

Preserve GSS context on init/accept failure

After gss_init_sec_context() or gss_accept_sec_context() has created a context, don't delete the mechglue context on failures from subsequent calls, even if the mechanism deletes the mech-specific context (which is allowed by RFC 2744 but not preferred). Check for union contexts with no mechanism context in each GSS function which accepts a gss_ctx_id_t.

CVE-2017-11462:

RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.

All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.

(cherry picked from commit 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf)

https://github.com/krb5/krb5/commit/5949691d76eb41bb2c50c3d742a5cb03d1478d06
Author: Greg Hudson
Commit: 5949691d76eb41bb2c50c3d742a5cb03d1478d06
Branch: krb5-1.14
 src/lib/gssapi/mechglue/g_accept_sec_context.c  | 22 +++++++++++++++-------
 src/lib/gssapi/mechglue/g_complete_auth_token.c |  2 ++
 src/lib/gssapi/mechglue/g_context_time.c        |  2 ++
 src/lib/gssapi/mechglue/g_delete_sec_context.c  | 14 ++++++++------
 src/lib/gssapi/mechglue/g_exp_sec_context.c     |  2 ++
 src/lib/gssapi/mechglue/g_init_sec_context.c    | 19 +++++++++++--------
 src/lib/gssapi/mechglue/g_inq_context.c         |  2 ++
 src/lib/gssapi/mechglue/g_prf.c                 |  2 ++
 src/lib/gssapi/mechglue/g_process_context.c     |  2 ++
 src/lib/gssapi/mechglue/g_seal.c                |  4 ++++
 src/lib/gssapi/mechglue/g_sign.c                |  2 ++
 src/lib/gssapi/mechglue/g_unseal.c              |  2 ++
 src/lib/gssapi/mechglue/g_unwrap_aead.c         |  2 ++
 src/lib/gssapi/mechglue/g_unwrap_iov.c          |  4 ++++
 src/lib/gssapi/mechglue/g_verify.c              |  2 ++
 src/lib/gssapi/mechglue/g_wrap_aead.c           |  2 ++
 src/lib/gssapi/mechglue/g_wrap_iov.c            |  8 ++++++++
 17 files changed, 72 insertions(+), 21 deletions(-)
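
A minimal model of the behaviour the commit message describes, added here as an illustration and not taken from the krb5 source: every type, function and status name is hypothetical, and the `preserve` flag switches between the pre-change and post-change handling of a failed subsequent call. Freeing the union context when the very first call fails is an assumption of the model.

```c
#include <stdlib.h>

/* Simplified model, hypothetical names; not the krb5 mechglue source. */
enum status { ST_OK, ST_FAILURE, ST_NO_CONTEXT };
typedef struct { void *mech_ctx; } union_ctx;  /* NULL once mech deletes it */

/* Stand-in mechanism: on error it deletes its own context (RFC 2744 allows). */
static enum status mech_step(void **mech_ctx, int fail)
{
    if (*mech_ctx == NULL)
        *mech_ctx = malloc(16);
    if (*mech_ctx != NULL && !fail)
        return ST_OK;
    free(*mech_ctx);                 /* free(NULL) is a no-op */
    *mech_ctx = NULL;
    return ST_FAILURE;
}

/* Caller cleanup works whether or not the mechanism context survived. */
void glue_delete(union_ctx **handle)
{
    if (*handle != NULL)
        free((*handle)->mech_ctx);
    free(*handle);
    *handle = NULL;
}

/* One init/accept step. Old behaviour (preserve=0): a failed later call frees
 * the union context too. New (preserve=1): it survives for the caller. */
enum status glue_step(union_ctx **handle, int fail, int preserve)
{
    int first = (*handle == NULL);
    union_ctx *u = first ? calloc(1, sizeof(*u)) : *handle;
    enum status st;
    if (u == NULL)
        return ST_FAILURE;
    if (!first && u->mech_ctx == NULL)
        return ST_NO_CONTEXT;        /* union context, no mechanism context */
    st = mech_step(&u->mech_ctx, fail);
    if (st == ST_FAILURE && (first || !preserve))
        glue_delete(&u);             /* handle becomes NULL under the caller */
    *handle = u;
    return st;
}

/* Any other call taking a context rejects an emptied union context. */
enum status glue_use(const union_ctx *u)
{
    return (u == NULL || u->mech_ctx == NULL) ? ST_NO_CONTEXT : ST_OK;
}
```

With `preserve` set, a failed second step leaves the handle non-NULL, later calls on it report the no-context status, and a single `glue_delete()` by the caller releases it.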