From nobody Wed Feb 21 13:44:20 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TfyDj2NPQz5CCZ8;
	Wed, 21 Feb 2024 13:44:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TfyDj1bz5z4dh7;
	Wed, 21 Feb 2024 13:44:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1708523061;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=DEPmYaEBk6QCh7ZVvWuAwE1eSo+Y3KZPd15jqgf0jEs=;
	b=G6alDlRXZ+LlBXVbRnLzJuZiwsn4sN6elQJuJrTJnCfV6PInTmn5iOd0cwQmiYHguLwp9q
	i3a3Fm1En8PDb/dfam3ATZyMqg4w1UNuyuKOZVX0OlEXvMUikGtIuSUoUvcmO3+SAurYvQ
	07M+AH82eROBX0BP7fTy1TkiLxDOFoKk3Sy+OJ37pP13XMS4jQknh4tORbgq1sPPfobkXs
	MofmvZShj8J+81ONeQ8703rwfmYmFFmi6ReRsKUoLbUIpne8Hl3mHDXTOvwrBFPDLXL6IY
	xbvpkWv51JbpriDyKfsg8Ap/KRUdvU7REVjNYfxImvBby2Ioh2qYAVWRNFlNtg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1708523061;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=DEPmYaEBk6QCh7ZVvWuAwE1eSo+Y3KZPd15jqgf0jEs=;
	b=UfEr2JUAOZZsojfZ4aEBg8fclgOuKH/LFI4348JQfL0lXqXbDCC694uX2nNH0chwOpyzvE
	ORlDDZdc0HwSwpGAMbkhj7YTTd+lQhAeKoUlppEvhtvNq00cy7fvt9JaWCWeT4Vih6W7q2
	jOWFM7HdHlhU64Qo0FWDFNxRJFingq+m472kB8ulPna+DM2Nphd7D3M9Q4U0694Dpx2sz5
	UZdsqR6jr+LXmtMOygGdNq/p/bWsst9lqm6m2cPwpWDdJaZq4EC+7+JGYIwzxYPjERBTYx
	19uu2phiuh0m1JiQpwp5sJCTl9kHuTce9Gm6EAYq2Y7kXiTwcc2ObjOO545tAg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708523061; a=rsa-sha256; cv=none;
	b=pDSN8wsjt0t+p0Qr2nrInXDS1btDrHdyjFbkikK5fqszX3VuVLb5ImS8BFStHWjEF6pfnB
	UXxJC1WR19a9iKCxkF+8dhJ2DiAN28nGmYDwbWkcMMaSJVR3fy02js5YoU0+eBolwZSXMK
	FdXis7+Y/1QlAzuE3jq97l0UTwV1MqC6ISLfVsa21QSVFDsWsxy1UgE1W8YujmC18yPt/w
	ON9DII6KSdumqIbUkHDQNRMdr8kWLWJR0VfiYGz/gDjBiAyRSd72qJuYgDIo4oU9JS2u8U
	XKWOXszzz28NjS8oF1F/g9nqyQG/D3cZ80AuA/lFqTvcy6i642TrDtsikJWP2A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TfyDj0NFGz14ct;
	Wed, 21 Feb 2024 13:44:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41LDiKFD048806;
	Wed, 21 Feb 2024 13:44:20 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41LDiKqM048803;
	Wed, 21 Feb 2024 13:44:20 GMT
	(envelope-from git)
Date: Wed, 21 Feb 2024 13:44:20 GMT
Message-Id: <202402211344.41LDiKqM048803@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Cy Schubert <cy@FreeBSD.org>
Subject: git: 143a962d0e87 - stable/13 - Heimdal: CVE-2018-16860
  Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 143a962d0e871c60b91589aa1045afdeca13742b
Auto-Submitted: auto-generated

The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=143a962d0e871c60b91589aa1045afdeca13742b

commit 143a962d0e871c60b91589aa1045afdeca13742b
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2024-02-14 20:04:30 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2024-02-21 13:44:08 +0000

    Heimdal: CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
    
    Upstream's explanation of the problem:
    
        S4U2Self is an extension to Kerberos used in Active Directory to allow
        a service to request a kerberos ticket to itself from the Kerberos Key
        Distribution Center (KDC) for a non-Kerberos authenticated user
        (principal in Kerboros parlance). This is useful to allow internal
        code paths to be standardized around Kerberos.
    
        S4U2Proxy (constrained-delegation) is an extension of this mechanism
        allowing this impersonation to a second service over the network. It
        allows a privileged server that obtained a S4U2Self ticket to itself
        to then assert the identity of that principal to a second service and
        present itself as that principal to get services from the second
        service.
    
        There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal
        KDC checks the checksum that is placed on the S4U2Self packet by the
        server to protect the requested principal against modification, it
        does not confirm that the checksum algorithm that protects the user
        name (principal) in the request is keyed.  This allows a
        man-in-the-middle attacker who can intercept the request to the KDC to
        modify the packet by replacing the user name (principal) in the
        request with any desired user name (principal) that exists in the KDC
        and replace the checksum protecting that name with a CRC32 checksum
        (which requires no prior knowledge to compute).
    
        This would allow a S4U2Self ticket requested on behalf of user name
        (principal) user@EXAMPLE.COM to any service to be changed to a
        S4U2Self ticket with a user name (principal) of
        Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
        the modified user name (principal).
    
    Reported by:    emaste
    Security:       CVE-2018-16860
    Obtained from:  Upstream c6257cc2c
    
    (cherry picked from commit 24339377490f9e362d040712b534d2963decd2d7)
---
 crypto/heimdal/kdc/krb5tgs.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crypto/heimdal/kdc/krb5tgs.c b/crypto/heimdal/kdc/krb5tgs.c
index cde869522e23..cf1cd3dc1ad0 100644
--- a/crypto/heimdal/kdc/krb5tgs.c
+++ b/crypto/heimdal/kdc/krb5tgs.c
@@ -1892,6 +1892,13 @@ server_lookup:
 		goto out;
 	    }
 
+	    if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+		free_PA_S4U2Self(&self);
+		kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+		ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+		goto out;
+	    }
+
 	    ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
 	    if (ret)
 		goto out;