
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 3e560d9..10b5982 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -406,14 +406,14 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
int num_versions = 1;
int i, j, last;
krb5_error_code err = 0;
- krb5_key_data *key_data;
+ krb5_key_data *key_data = NULL;
- if (n_key_data <= 0)
+ if (n_key_data < 0)
return NULL;
/* Make a shallow copy of the key data so we can alter it. */
key_data = k5calloc(n_key_data, sizeof(*key_data), &err);
- if (key_data_in == NULL)
+ if (key_data == NULL)
goto cleanup;
memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));
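Review bot: With `n_key_data == 0` now accepted, the `memcpy` on the last line can run with `key_data_in == NULL`, which is undefined behaviour in C even when the length is zero; a keyless entry may plausibly carry no key array at all. Guarding the copy, `if (n_key_data > 0) memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));`, keeps the zero-key path well defined. The rest of krb5_encode_krbsecretkey lies outside this hunk, so it is also worth confirming that nothing later reads `key_data[0]` when the count is zero, since the copy then holds no elements.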
@@ -467,9 +467,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
free(key_data);
if (err != 0) {
if (ret != NULL) {
- for (i = 0; i <= num_versions; i++)
- if (ret[i] != NULL)
- free (ret[i]);
+ for (i = 0; ret[i] != NULL; i++)
+ free (ret[i]);
free (ret);
ret = NULL;
}
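Review bot: The rewritten loop stops at the first NULL slot, so it is only correct if `ret` was zero-initialised with a spare terminating slot and filled strictly in order. That allocation is outside the hunk, so the invariant deserves a one-line comment here, e.g. `/* ret is zero-filled, NULL-terminated and populated in order */`. Separately, `free (ret[i])` releases only the element itself. If each element is a `struct berval` whose `bv_val` was allocated on its own (the caller's comment calls the list bervals), the encoded key bytes are leaked on this error path and stay uncleared in the heap. In that case `free(ret[i]->bv_val);` should precede `free (ret[i]);`, ideally after zeroing the buffer.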
@@ -1036,9 +1035,19 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
bersecretkey = krb5_encode_krbsecretkey (entry->key_data,
entry->n_key_data, mkvno);
- if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
- LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
+ if (bersecretkey == NULL) {
+ st = ENOMEM;
goto cleanup;
+ }
+ /* An empty list of bervals is only accepted for modify operations,
+ * not add operations. */
+ if (bersecretkey[0] != NULL || !create_standalone_prinicipal) {
+ st = krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
+ LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+ bersecretkey);
+ if (st != 0)
+ goto cleanup;
+ }
if (!(entry->mask & KADM5_PRINCIPAL)) {
memset(strval, 0, sizeof(strval));
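Review bot: Setting `st = ENOMEM` for every NULL return misreports the failure, because krb5_encode_krbsecretkey also returns NULL when `n_key_data < 0` and, judging by the cleanup hunk, whenever `err` is non-zero. Someone investigating a corrupt or malformed entry would be pointed at memory exhaustion instead. If the encoder's signature has to stay as it is, a comment at the check such as `/* NULL covers allocation failure, a negative key count and encoding errors */` records the limitation; otherwise the encoder should hand back its `krb5_error_code`. krb5_ldap_put_principal starts and ends outside this hunk.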