Date: Thu, 14 Mar 2024 22:12:57 GMT
Message-Id: <202403142212.42EMCv4W008411@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Cy Schubert
Subject: git: f8c431634285 - main - security/heimdal: Fix uninitialized pointer dereference

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f8c4316342857a4fa4a05c1cb6ab16992faddb69

commit f8c4316342857a4fa4a05c1cb6ab16992faddb69
Author: Cy Schubert
AuthorDate: 2022-11-26 16:27:08 +0000
Commit: Cy Schubert
CommitDate: 2024-03-14 22:12:36 +0000

security/heimdal: Fix uninitialized pointer dereference

krb5_ret_principal() returns a non-zero return code when a garbage principal is passed to it. Unfortunately ret_principal_ent() does not check the return code, with garbage pointing to what would have been the principal. This results in a segfault when free() is called.

PR: 267944, 267972
Reported by: Robert Morris
MFH: 2024Q1
--- security/heimdal/Makefile | 2 +- security/heimdal/files/patch-lib_kadm5_marshall.c | 31 +++++++++++++++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index cdef0c697067..3508ad2f8f0c 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,6 +1,6 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ 
diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c index d44311d5edbf..8e01bbe30354 100644 --- a/security/heimdal/files/patch-lib_kadm5_marshall.c +++ b/security/heimdal/files/patch-lib_kadm5_marshall.c @@ -1,6 +1,33 @@ --- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700 -+++ lib/kadm5/marshall.c 2022-11-24 08:47:40.099673000 -0800 -@@ -407,10 +407,40 @@ ++++ lib/kadm5/marshall.c 2022-11-26 08:20:41.302104000 -0800 +@@ -261,9 +261,9 @@ + int i; + int32_t tmp; + +- if (mask & KADM5_PRINCIPAL) +- krb5_ret_principal(sp, &princ->principal); +- ++ if (mask & KADM5_PRINCIPAL) ++ if (krb5_ret_principal(sp, &princ->principal)) ++ return EINVAL; + if (mask & KADM5_PRINC_EXPIRE_TIME) { + krb5_ret_int32(sp, &tmp); + princ->princ_expire_time = tmp; +@@ -282,9 +282,10 @@ + } + if (mask & KADM5_MOD_NAME) { + krb5_ret_int32(sp, &tmp); +- if(tmp) +- krb5_ret_principal(sp, &princ->mod_name); +- else ++ if(tmp) { ++ if (krb5_ret_principal(sp, &princ->mod_name)) ++ return EINVAL; ++ } else + princ->mod_name = NULL; + } + if (mask & KADM5_MOD_TIME) { +@@ -407,10 +408,40 @@ ret = krb5_ret_int32(sp, &mask); if (ret) goto out;
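Review bot: In the lib/kadm5/marshall.c hunk at @@ -261,9 +261,9 @@, the new failure path returns EINVAL without putting princ->principal into a known state. The commit message says the crash came from free() being called on the garbage pointer, so this early return only helps if no caller goes on to free the partially filled entry; setting princ->principal = NULL before the return (or zeroing *princ on entry) would make cleanup safe regardless of what the caller does. Returning a fixed EINVAL also discards the code krb5_ret_principal() reported; consider keeping it in a local and returning that, so an allocation failure is not reported as invalid input.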
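Review bot: In the lib/kadm5/marshall.c hunk at @@ -282,9 +282,10 @@, the krb5_ret_int32(sp, &tmp) call directly above the new check is still unchecked, so on a short or malformed read if(tmp) tests a variable that the previous hunk's context shows declared as int32_t tmp; with no initializer. That value decides whether princ->mod_name is read from the stream or set to NULL, so it deserves the same treatment as krb5_ret_principal(): check the return value and bail out before using tmp. The KADM5_PRINC_EXPIRE_TIME read visible in the previous hunk has the same problem. On the new return EINVAL here, princ->mod_name is left unset while earlier fields may already be allocated, so set princ->mod_name = NULL before returning to keep the entry safe to free. Minor style point: if(tmp) { ... } else now mixes a braced branch with an unbraced one.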