Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
krb5.10008
0010-Remove-incorrect-KDC-assertion.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0010-Remove-incorrect-KDC-assertion.patch of Package krb5.10008
From c51d8632df3b5cda9edf7cac3d7f2077a5777811 Mon Sep 17 00:00:00 2001 From: Isaac Boukris <iboukris@gmail.com> Date: Sat, 15 Dec 2018 11:56:36 +0200 Subject: [PATCH 10/10] Remove incorrect KDC assertion The assertion in return_enc_padata() is reachable because kdc_make_s4u2self_rep() may have previously added encrypted padata. It is no longer necessary because the code uses add_pa_data_element() instead of allocating a new list. CVE-2018-20217: In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request. [ghudson@mit.edu: rewrote commit message with CVE description] (cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def) ticket: 8767 version_fixed: 1.15.5 (cherry picked from commit 17cc01779e8e40cc414b39bc2a99fd48bb064124) --- src/kdc/kdc_preauth.c | 1 - src/tests/gssapi/t_s4u.py | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 605fcb7ad..0708f4dbb 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1609,7 +1609,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt, krb5_error_code code = 0; /* This should be initialized and only used for Win2K compat and other * specific standardized uses such as FAST negotiation. */ - assert(reply_encpart->enc_padata == NULL); if (is_referral) { code = return_referral_enc_padata(context, reply_encpart, server); if (code) diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py index 7366e3915..9f8591f6c 100755 --- a/src/tests/gssapi/t_s4u.py +++ b/src/tests/gssapi/t_s4u.py @@ -144,6 +144,13 @@ if 'auth1: user@' not in out or 'auth2: user@' not in out: realm.stop() +for realm in multipass_realms(create_host=False, get_creds=False): + service1 = 'service/1@%s' % realm.realm + realm.addprinc(service1) + realm.extract_keytab(service1, realm.keytab) + realm.kinit(service1, None, ['-k']) + realm.run(['./t_s4u', 'p:user', '-']) + # Exercise cross-realm S4U2Self. The query in the foreign realm will # fail, but we can check that the right server principal was used. r1, r2 = cross_realms(2, create_user=False) -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor