From: tlyu@mit.edu
Subject: git commit

Fix gss_process_context_token() [CVE-2014-5352]

[MITKRB5-SA-2015-001] The krb5 gss_process_context_token() should not
actually delete the context; that leaves the caller with a dangling
pointer and no way to know that it is invalid. Instead, mark the
context as terminated, and check for terminated contexts in the GSS
functions which expect established contexts. Also add checks in
export_sec_context and pseudo_random, and adjust t_prf.c for the
pseudo_random check.

(back ported from commit 82dc33da50338ac84c7b4102dc6513d897d0506a)

https://github.com/krb5/krb5/commit/e76dbd8d163e235d821011ed9ea3baa5376da854
Author: Tom Yu <tlyu@mit.edu>
Commit: e76dbd8d163e235d821011ed9ea3baa5376da854
Branch: krb5-1.12
src/lib/gssapi/krb5/context_time.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 5 +++++
src/lib/gssapi/krb5/gssapiP_krb5.h | 1 +
src/lib/gssapi/krb5/gssapi_krb5.c | 2 +-
src/lib/gssapi/krb5/inq_context.c | 2 +-
src/lib/gssapi/krb5/k5seal.c | 2 +-
src/lib/gssapi/krb5/k5sealiov.c | 2 +-
src/lib/gssapi/krb5/k5unseal.c | 2 +-
src/lib/gssapi/krb5/k5unsealiov.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 5 +++++
src/lib/gssapi/krb5/prf.c | 4 ++++
src/lib/gssapi/krb5/process_context_token.c | 17 ++++++++++++-----
src/lib/gssapi/krb5/wrap_size_limit.c | 2 +-
13 files changed, 35 insertions(+), 13 deletions(-)
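
The pattern the commit message above describes (mark the context terminated instead of freeing it, and have every function that expects an established context check that flag), as an added C example that is not the krb5 source. `demo_ctx`, the `demo_*` functions and the `ST_*` codes are hypothetical names, and the one-byte token is a constructed placeholder.

```c
#include <stdio.h>
#include <stdlib.h>

/* Local status names for this example (hypothetical, not the GSS-API constants). */
enum { ST_COMPLETE, ST_NO_CONTEXT, ST_DEFECTIVE_TOKEN };

typedef struct {
    int established;
    int terminated;      /* set on a peer's delete token; memory is NOT freed */
    unsigned long seq;
} demo_ctx;

/* Gate shared by every call that expects an established context. */
static int ctx_usable(const demo_ctx *c) { return c && c->established && !c->terminated; }

/* Marks the context terminated; the caller's handle stays a valid pointer. */
int demo_process_context_token(demo_ctx *c, const unsigned char *tok, size_t len) {
    if (!ctx_usable(c)) return ST_NO_CONTEXT;
    if (tok == NULL || len == 0) return ST_DEFECTIVE_TOKEN;
    c->terminated = 1;
    return ST_COMPLETE;
}

/* Stand-in for a per-message call: refuses a terminated context. */
int demo_wrap(demo_ctx *c) {
    if (!ctx_usable(c)) return ST_NO_CONTEXT;
    c->seq++;
    return ST_COMPLETE;
}

/* Only the owner frees, and the handle is cleared so it cannot dangle. */
void demo_delete_context(demo_ctx **pc) {
    if (pc != NULL && *pc != NULL) { free(*pc); *pc = NULL; }
}

/* Returns 0 if the lifecycle behaves as described, else the failing step. */
int demo_scenario(void) {
    static const unsigned char tok[] = { 0x01 };   /* constructed placeholder token */
    demo_ctx *c = calloc(1, sizeof(*c));
    if (c == NULL) return 1;
    c->established = 1;
    if (demo_wrap(c) != ST_COMPLETE) return 2;
    if (demo_process_context_token(c, tok, sizeof(tok)) != ST_COMPLETE) return 3;
    if (demo_wrap(c) != ST_NO_CONTEXT || c->seq != 1) return 4;  /* refused, state untouched */
    if (demo_process_context_token(c, tok, sizeof(tok)) != ST_NO_CONTEXT) return 5;
    demo_delete_context(&c);
    return c == NULL ? 0 : 6;
}
int main(void) { printf("scenario: %d\n", demo_scenario()); return 0; }
```
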

From: tlyu@mit.edu
Subject: git commit

Add test program for gss_process_context_token

Add a new test program t_pcontok to exercise
gss_process_context_token, and run it from t_gssapi.py.

(back ported from commit bfb472ff67c00da2f2b0d0ada1af57a2c4493a11)

https://github.com/krb5/krb5/commit/d8cb443634fd83d11680822b023aec45c3adac26
Author: Tom Yu <tlyu@mit.edu>
Commit: d8cb443634fd83d11680822b023aec45c3adac26
Branch: krb5-1.12
.gitignore | 1 +
src/tests/gssapi/Makefile.in | 18 ++--
src/tests/gssapi/t_gssapi.py | 1 +
src/tests/gssapi/t_pcontok.c | 202 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 214 insertions(+), 8 deletions(-)