packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix memory leak in OTP kdcpreauth module

Browse Source
This commit is contained in:
yanshuai01 2024-07-12 16:04:27 +08:00
parent fe07419e87
commit 146b498275
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Fix-memory-leak-in-OTP-kdcpreauth-module.patch Normal file
View File

@ -0,0 +1,52 @@
From 1166f1404c47af54f3d5b2533bb001fdadf6aadc Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 3 Jun 2022 14:30:42 -0400
Subject: [PATCH] Fix memory leak in OTP kdcpreauth module
In otp_edata(), free the generated nonce.
(cherry picked from commit 5ad465bc8e0d957a4945218bea487b77622bf433)
ticket: 9063
version_fixed: 1.20.1
---
src/plugins/preauth/otp/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index a1b6816..f4eedbe 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -211,7 +211,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
krb5_pa_otp_challenge chl;
krb5_pa_data *pa = NULL;
krb5_error_code retval;
- krb5_data *encoding;
+ krb5_data *encoding, nonce = empty_data();
char *config;
/* Determine if otp is enabled for the user. */
@@ -239,9 +239,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
ti.iteration_count = -1;
/* Generate the nonce. */
- retval = nonce_generate(context, armor_key->length, &chl.nonce);
+ retval = nonce_generate(context, armor_key->length, &nonce);
if (retval != 0)
goto out;
+ chl.nonce = nonce;
/* Build the output pa-data. */
retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -258,6 +259,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
free(encoding);
out:
+ krb5_free_data_contents(context, &nonce);
(*respond)(arg, retval, pa);
}
--
2.27.0

6
krb5.spec
View File

@ -3,7 +3,7 @@
Name: krb5
Version: 1.19.2
Release: 17
Release: 18
Summary: The Kerberos network authentication protocol
License: MIT
URL: http://web.mit.edu/kerberos/www/
@ -55,6 +55,7 @@ Patch31: backport-Fix-Python-regexp-literals.patch
Patch32: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch
Patch33: backport-Add-a-simple-DER-support-header.patch
Patch34: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch35: Fix-memory-leak-in-OTP-kdcpreauth-module.patch
BuildRequires: gettext
BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -347,6 +348,9 @@ make -C src check || :
%changelog
* Fri Jul 12 2024 yanshuai <yanshuai01@kylinos.cn> - 1.19.2-18
- Fix memory leak in OTP kdcpreauth module
* Thu Jul 4 2024 xuraoqing <xuraoqing@huawei.com> - 1.19.2-17
- backport patches to fix bugs and CVE-2024-37370 CVE-2024-37371