git: d831a2fe480f - main - security/heimdal*: The version string must always contain a terminating NUL
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 24 Nov 2022 17:27:06 UTC
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=d831a2fe480fe02126bd5b9aba5569c5e69f1034 commit d831a2fe480fe02126bd5b9aba5569c5e69f1034 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-11-21 22:41:13 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-11-24 17:22:01 +0000 security/heimdal*: The version string must always contain a terminating NUL Should the sender send a string without a terminating NUL, ensure that the NUL terminates the string regardless. And while at it only process the version string when bytes are returned. PR: 267884 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4 --- security/heimdal-devel/Makefile | 2 +- .../heimdal-devel/files/patch-lib_krb5_recvauth.c | 42 ++++++++++++++++++++++ security/heimdal/Makefile | 2 +- security/heimdal/files/patch-lib_krb5_recvauth.c | 42 ++++++++++++++++++++++ 4 files changed, 86 insertions(+), 2 deletions(-) diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile index 7953a8364e8c..5d03e274c83c 100644 --- a/security/heimdal-devel/Makefile +++ b/security/heimdal-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= ${HEIMDAL_COMMIT_DATE} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security PKGNAMESUFFIX= -devel HASH= 8f9c2d115 diff --git a/security/heimdal-devel/files/patch-lib_krb5_recvauth.c b/security/heimdal-devel/files/patch-lib_krb5_recvauth.c new file mode 100644 index 000000000000..95d8acf15baf --- /dev/null +++ b/security/heimdal-devel/files/patch-lib_krb5_recvauth.c @@ -0,0 +1,42 @@ +--- lib/krb5/recvauth.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ lib/krb5/recvauth.c 2022-11-21 14:37:31.130429000 -0800 +@@ -98,7 +98,7 @@ + const char *version = KRB5_SENDAUTH_VERSION; + char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; + char *her_appl_version; +- uint32_t len; ++ uint32_t len, bytes; + u_char repl; + krb5_data data; + krb5_flags ap_options; +@@ -166,15 +166,21 @@ + krb5_net_write (context, p_fd, &repl, 1); + return krb5_enomem(context); + } +- if (krb5_net_read (context, p_fd, her_appl_version, len) != len +- || !(*match_appl_version)(match_data, her_appl_version)) { +- repl = 2; +- krb5_net_write (context, p_fd, &repl, 1); +- krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, +- N_("wrong sendauth application version (%s)", ""), +- her_appl_version); +- free (her_appl_version); +- return KRB5_SENDAUTH_BADAPPLVERS; ++ if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) { ++ /* PR/267884: String read must always conatain a terminating NUL */ ++ if (strnlen(her_appl_version, len) == len) ++ her_appl_version[len-1] = '\0'; ++ ++ if (bytes != len || ++ !(*match_appl_version)(match_data, her_appl_version)) { ++ repl = 2; ++ krb5_net_write (context, p_fd, &repl, 1); ++ krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, ++ N_("wrong sendauth application version (%s)", ""), ++ her_appl_version); ++ free (her_appl_version); ++ return KRB5_SENDAUTH_BADAPPLVERS; ++ } + } + free (her_appl_version); + diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 6508bf471ee0..3d92a0c2fd3b 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ diff --git a/security/heimdal/files/patch-lib_krb5_recvauth.c b/security/heimdal/files/patch-lib_krb5_recvauth.c new file mode 100644 index 000000000000..95d8acf15baf --- /dev/null +++ b/security/heimdal/files/patch-lib_krb5_recvauth.c @@ -0,0 +1,42 @@ +--- lib/krb5/recvauth.c.orig 2022-09-15 16:54:19.000000000 -0700 ++++ lib/krb5/recvauth.c 2022-11-21 14:37:31.130429000 -0800 +@@ -98,7 +98,7 @@ + const char *version = KRB5_SENDAUTH_VERSION; + char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; + char *her_appl_version; +- uint32_t len; ++ uint32_t len, bytes; + u_char repl; + krb5_data data; + krb5_flags ap_options; +@@ -166,15 +166,21 @@ + krb5_net_write (context, p_fd, &repl, 1); + return krb5_enomem(context); + } +- if (krb5_net_read (context, p_fd, her_appl_version, len) != len +- || !(*match_appl_version)(match_data, her_appl_version)) { +- repl = 2; +- krb5_net_write (context, p_fd, &repl, 1); +- krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, +- N_("wrong sendauth application version (%s)", ""), +- her_appl_version); +- free (her_appl_version); +- return KRB5_SENDAUTH_BADAPPLVERS; ++ if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) { ++ /* PR/267884: String read must always conatain a terminating NUL */ ++ if (strnlen(her_appl_version, len) == len) ++ her_appl_version[len-1] = '\0'; ++ ++ if (bytes != len || ++ !(*match_appl_version)(match_data, her_appl_version)) { ++ repl = 2; ++ krb5_net_write (context, p_fd, &repl, 1); ++ krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, ++ N_("wrong sendauth application version (%s)", ""), ++ her_appl_version); ++ free (her_appl_version); ++ return KRB5_SENDAUTH_BADAPPLVERS; ++ } + } + free (her_appl_version); +