From: ghudson@mit.edu
Subject: git commit

Fix gss_process_context_token() [CVE-2014-5352]

[MITKRB5-SA-2015-001] The krb5 gss_process_context_token() should not
actually delete the context; that leaves the caller with a dangling
pointer and no way to know that it is invalid. Instead, mark the
context as terminated, and check for terminated contexts in the GSS
functions which expect established contexts. Also add checks in
export_sec_context and pseudo_random, and adjust t_prf.c for the
pseudo_random check.

https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a
Author: Greg Hudson <ghudson@mit.edu>
Commit: 82dc33da50338ac84c7b4102dc6513d897d0506a
Branch: master
src/lib/gssapi/krb5/context_time.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 5 +++++
src/lib/gssapi/krb5/gssapiP_krb5.h | 1 +
src/lib/gssapi/krb5/gssapi_krb5.c | 2 +-
src/lib/gssapi/krb5/inq_context.c | 2 +-
src/lib/gssapi/krb5/k5seal.c | 2 +-
src/lib/gssapi/krb5/k5sealiov.c | 2 +-
src/lib/gssapi/krb5/k5unseal.c | 2 +-
src/lib/gssapi/krb5/k5unsealiov.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 5 +++++
src/lib/gssapi/krb5/prf.c | 4 ++++
src/lib/gssapi/krb5/process_context_token.c | 17 ++++++++++++-----
src/lib/gssapi/krb5/wrap_size_limit.c | 2 +-
src/tests/gssapi/t_prf.c | 1 +
14 files changed, 36 insertions(+), 13 deletions(-)

From: ghudson@mit.edu
Subject: git commit

Add test program for gss_process_context_token

Add a new test program t_pcontok to exercise
gss_process_context_token, and run it from t_gssapi.py.

https://github.com/krb5/krb5/commit/bfb472ff67c00da2f2b0d0ada1af57a2c4493a11
Author: Greg Hudson <ghudson@mit.edu>
Commit: bfb472ff67c00da2f2b0d0ada1af57a2c4493a11
Branch: master
.gitignore | 1 +
src/tests/gssapi/Makefile.in | 20 +++--
src/tests/gssapi/t_gssapi.py | 1 +
src/tests/gssapi/t_pcontok.c | 202 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 215 insertions(+), 9 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Fix gss_process_context_token() [CVE-2014-5352]

[MITKRB5-SA-2015-001] The krb5 gss_process_context_token() should not
actually delete the context; that leaves the caller with a dangling
pointer and no way to know that it is invalid. Instead, mark the
context as terminated, and check for terminated contexts in the GSS
functions which expect established contexts. Also add checks in
export_sec_context and pseudo_random, and adjust t_prf.c for the
pseudo_random check.

(cherry picked from commit 82dc33da50338ac84c7b4102dc6513d897d0506a)

https://github.com/krb5/krb5/commit/3cfd4bd9e7c09c3b9024d83ab6e3bba2218eb48b
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 3cfd4bd9e7c09c3b9024d83ab6e3bba2218eb48b
Branch: krb5-1.13
src/lib/gssapi/krb5/context_time.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 5 +++++
src/lib/gssapi/krb5/gssapiP_krb5.h | 1 +
src/lib/gssapi/krb5/gssapi_krb5.c | 2 +-
src/lib/gssapi/krb5/inq_context.c | 2 +-
src/lib/gssapi/krb5/k5seal.c | 2 +-
src/lib/gssapi/krb5/k5sealiov.c | 2 +-
src/lib/gssapi/krb5/k5unseal.c | 2 +-
src/lib/gssapi/krb5/k5unsealiov.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 5 +++++
src/lib/gssapi/krb5/prf.c | 4 ++++
src/lib/gssapi/krb5/process_context_token.c | 17 ++++++++++++-----
src/lib/gssapi/krb5/wrap_size_limit.c | 2 +-
src/tests/gssapi/t_prf.c | 1 +
14 files changed, 36 insertions(+), 13 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Add test program for gss_process_context_token

Add a new test program t_pcontok to exercise
gss_process_context_token, and run it from t_gssapi.py.

(cherry picked from commit bfb472ff67c00da2f2b0d0ada1af57a2c4493a11)

https://github.com/krb5/krb5/commit/97f96c5f74b069d7bc66bc2c5fe35c904b5e7a03
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 97f96c5f74b069d7bc66bc2c5fe35c904b5e7a03
Branch: krb5-1.13
.gitignore | 1 +
src/tests/gssapi/Makefile.in | 20 +++--
src/tests/gssapi/t_gssapi.py | 1 +
src/tests/gssapi/t_pcontok.c | 202 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 215 insertions(+), 9 deletions(-)
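
The pattern described in the CVE-2014-5352 commit message above (mark the context terminated instead of freeing it, and check the flag in every function that expects an established context), sketched as an added example that is not krb5 code. The `sec_ctx` type, the `ctx_*` functions and the status names are hypothetical, and the XOR "wrap" is a stand-in for a real per-message operation.

```c
#include <stdlib.h>
/* Hypothetical names throughout; these are not the krb5 definitions. */
enum status { ST_COMPLETE = 0, ST_NO_CONTEXT = 1 };
struct sec_ctx {
    int established;
    int terminated;     /* set once the peer's deletion token is processed */
    unsigned char key;  /* toy per-context secret */
};

struct sec_ctx *ctx_new(unsigned char key)
{
    struct sec_ctx *c = calloc(1, sizeof(*c));
    if (c != NULL)
        *c = (struct sec_ctx){ .established = 1, .key = key };
    return c;
}

/* Single gate for every operation that expects an established context. */
static int ctx_usable(const struct sec_ctx *c)
{
    return c != NULL && c->established && !c->terminated;
}

/* Peer's deletion token: mark the context terminated instead of freeing it. */
enum status ctx_process_token(struct sec_ctx *c)
{
    if (!ctx_usable(c))
        return ST_NO_CONTEXT;
    c->terminated = 1;
    return ST_COMPLETE;
}

/* Toy "wrap" (XOR with the key); refuses to use a terminated context. */
enum status ctx_wrap(const struct sec_ctx *c, const unsigned char *in,
                     unsigned char *out, size_t len)
{
    if (!ctx_usable(c))
        return ST_NO_CONTEXT;
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ c->key;
    return ST_COMPLETE;
}

/* The caller still owns the handle and releases it exactly once. */
void ctx_delete(struct sec_ctx **c)
{
    free(*c);
    *c = NULL;
}
```

Because the token handler never frees the structure, the caller's pointer stays valid until its own `ctx_delete` call, and any use in between fails with a status code rather than touching freed memory.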