git: d831a2fe480f - main - security/heimdal*: The version string must always contain a terminating NUL

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Thu, 24 Nov 2022 17:27:06 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d831a2fe480fe02126bd5b9aba5569c5e69f1034

commit d831a2fe480fe02126bd5b9aba5569c5e69f1034
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-11-21 22:41:13 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-11-24 17:22:01 +0000

    security/heimdal*: The version string must always contain a terminating NUL
    
    Should the sender send a string without a terminating NUL, ensure that
    the string is NUL-terminated regardless.
    
    And while at it only process the version string when bytes are returned.
    
    PR:             267884
    Reported by:    Robert Morris <rtm@lcs.mit.edu>
    MFH:            2022Q4
---
 security/heimdal-devel/Makefile                    |  2 +-
 .../heimdal-devel/files/patch-lib_krb5_recvauth.c  | 42 ++++++++++++++++++++++
 security/heimdal/Makefile                          |  2 +-
 security/heimdal/files/patch-lib_krb5_recvauth.c   | 42 ++++++++++++++++++++++
 4 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile
index 7953a8364e8c..5d03e274c83c 100644
--- a/security/heimdal-devel/Makefile
+++ b/security/heimdal-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	heimdal
 PORTVERSION=	${HEIMDAL_COMMIT_DATE}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security
 PKGNAMESUFFIX=	-devel
 HASH=		8f9c2d115
diff --git a/security/heimdal-devel/files/patch-lib_krb5_recvauth.c b/security/heimdal-devel/files/patch-lib_krb5_recvauth.c
new file mode 100644
index 000000000000..95d8acf15baf
--- /dev/null
+++ b/security/heimdal-devel/files/patch-lib_krb5_recvauth.c
@@ -0,0 +1,42 @@
+--- lib/krb5/recvauth.c.orig	2022-09-15 16:54:19.000000000 -0700
++++ lib/krb5/recvauth.c	2022-11-21 14:37:31.130429000 -0800
+@@ -98,7 +98,7 @@
+     const char *version = KRB5_SENDAUTH_VERSION;
+     char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
+     char *her_appl_version;
+-    uint32_t len;
++    uint32_t len, bytes;
+     u_char repl;
+     krb5_data data;
+     krb5_flags ap_options;
+@@ -166,15 +166,21 @@
+ 	krb5_net_write (context, p_fd, &repl, 1);
+ 	return krb5_enomem(context);
+     }
+-    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
+-	|| !(*match_appl_version)(match_data, her_appl_version)) {
+-	repl = 2;
+-	krb5_net_write (context, p_fd, &repl, 1);
+-	krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
+-			       N_("wrong sendauth application version (%s)", ""),
+-			       her_appl_version);
+-	free (her_appl_version);
+-	return KRB5_SENDAUTH_BADAPPLVERS;
++    if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) {
++	/* PR/267884: String read must always conatain a terminating NUL */
++	if (strnlen(her_appl_version, len) == len)
++		her_appl_version[len-1] = '\0';
++
++	if (bytes != len ||
++		!(*match_appl_version)(match_data, her_appl_version)) {
++		repl = 2;
++		krb5_net_write (context, p_fd, &repl, 1);
++		krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
++				       N_("wrong sendauth application version (%s)", ""),
++				       her_appl_version);
++		free (her_appl_version);
++		return KRB5_SENDAUTH_BADAPPLVERS;
++    	}
+     }
+     free (her_appl_version);
+ 
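Review bot: In the second nested hunk (recvauth.c near line 166), gating the whole block on `(bytes = krb5_net_read (...))` being nonzero means a read that returns 0 while `len` is nonzero now skips both the `bytes != len` check and `match_appl_version`, so control falls through to `free (her_appl_version)` as if the application version had been accepted; the pre-patch condition rejected that case. `bytes` is declared `uint32_t`, so a negative error return from krb5_net_read also becomes nonzero, and `strnlen` and the `%s` in the error message then read a buffer the read did not fill (its allocation is outside the hunk, presumably an uninitialised malloc). I would gate on `len != 0` instead, treat any `bytes != len` as a failure, and empty the string before formatting it after a short read, as sketched below. The same lines are added in security/heimdal/files/patch-lib_krb5_recvauth.c, and the comment's `conatain` should read `contain`.

```c
    if (len != 0) {
	bytes = krb5_net_read (context, p_fd, her_appl_version, len);
	if (bytes != len)
	    /* failed or short read: do not format bytes that never arrived */
	    her_appl_version[0] = '\0';
	else
	    /* PR/267884: string read must always contain a terminating NUL */
	    her_appl_version[len-1] = '\0';

	if (bytes != len ||
	    !(*match_appl_version)(match_data, her_appl_version)) {
	    /* … unchanged: repl = 2, krb5_net_write, krb5_set_error_message, free, return … */
	}
    }
```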
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 6508bf471ee0..3d92a0c2fd3b 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	heimdal
 PORTVERSION=	7.8.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/
 
diff --git a/security/heimdal/files/patch-lib_krb5_recvauth.c b/security/heimdal/files/patch-lib_krb5_recvauth.c
new file mode 100644
index 000000000000..95d8acf15baf
--- /dev/null
+++ b/security/heimdal/files/patch-lib_krb5_recvauth.c
@@ -0,0 +1,42 @@
+--- lib/krb5/recvauth.c.orig	2022-09-15 16:54:19.000000000 -0700
++++ lib/krb5/recvauth.c	2022-11-21 14:37:31.130429000 -0800
+@@ -98,7 +98,7 @@
+     const char *version = KRB5_SENDAUTH_VERSION;
+     char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
+     char *her_appl_version;
+-    uint32_t len;
++    uint32_t len, bytes;
+     u_char repl;
+     krb5_data data;
+     krb5_flags ap_options;
+@@ -166,15 +166,21 @@
+ 	krb5_net_write (context, p_fd, &repl, 1);
+ 	return krb5_enomem(context);
+     }
+-    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
+-	|| !(*match_appl_version)(match_data, her_appl_version)) {
+-	repl = 2;
+-	krb5_net_write (context, p_fd, &repl, 1);
+-	krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
+-			       N_("wrong sendauth application version (%s)", ""),
+-			       her_appl_version);
+-	free (her_appl_version);
+-	return KRB5_SENDAUTH_BADAPPLVERS;
++    if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) {
++	/* PR/267884: String read must always conatain a terminating NUL */
++	if (strnlen(her_appl_version, len) == len)
++		her_appl_version[len-1] = '\0';
++
++	if (bytes != len ||
++		!(*match_appl_version)(match_data, her_appl_version)) {
++		repl = 2;
++		krb5_net_write (context, p_fd, &repl, 1);
++		krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
++				       N_("wrong sendauth application version (%s)", ""),
++				       her_appl_version);
++		free (her_appl_version);
++		return KRB5_SENDAUTH_BADAPPLVERS;
++    	}
+     }
+     free (her_appl_version);
+