diff options
author | Leonardo Arena <rnalrd@gmail.com> | 2010-03-18 07:51:25 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-03-18 10:13:05 +0000 |
commit | a984987efa2e80601bea6fb44ab28c786850acd4 (patch) | |
tree | ac06d6a497edf1839c019d2795f6c3b045d2834a | |
parent | 65595048ad399d736e296201aaced08c6b0cb8e0 (diff) | |
download | alpine_aports-a984987efa2e80601bea6fb44ab28c786850acd4.tar.bz2 alpine_aports-a984987efa2e80601bea6fb44ab28c786850acd4.tar.xz alpine_aports-a984987efa2e80601bea6fb44ab28c786850acd4.zip |
main/heimdal: filter invalid enctypes instead of rejecting
(cherry picked from commit 265b5747b9dd90b6a6f06b2b8f60618083ebd61b)
-rw-r--r-- | main/heimdal/APKBUILD | 7 | ||||
-rw-r--r-- | main/heimdal/return-invalid-enctype-for-weak-crypto.patch | 48 |
2 files changed, 53 insertions, 2 deletions
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD index 139539e195..e98d9cf016 100644 --- a/main/heimdal/APKBUILD +++ b/main/heimdal/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Contributor: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Contributor: Natanael Copa <ncopa@alpinelinux.org> |
3 | pkgname=heimdal | 3 | pkgname=heimdal |
4 | pkgver=1.3.1 | 4 | pkgver=1.3.1 |
5 | pkgrel=3 | 5 | pkgrel=4 |
6 | pkgdesc="An implementation of Kerberos 5" | 6 | pkgdesc="An implementation of Kerberos 5" |
7 | url="http://www.h5l.org/" | 7 | url="http://www.h5l.org/" |
8 | license="BSD" | 8 | license="BSD" |
@@ -22,6 +22,7 @@ source="http://www.h5l.org/dist/src/$pkgname-$pkgver.tar.gz | |||
22 | 100-check-com_err-pthread.patch | 22 | 100-check-com_err-pthread.patch |
23 | heimdal-c++-safe-krb5_cccol_cursor.patch | 23 | heimdal-c++-safe-krb5_cccol_cursor.patch |
24 | heimdal-locate_plugin-header.patch | 24 | heimdal-locate_plugin-header.patch |
25 | return-invalid-enctype-for-weak-crypto.patch | ||
25 | " | 26 | " |
26 | 27 | ||
27 | # krb5.h needs com_err.h | 28 | # krb5.h needs com_err.h |
@@ -41,6 +42,7 @@ prepare() { | |||
41 | patch -Np1 -i ../100-check-com_err-pthread.patch || return 1 | 42 | patch -Np1 -i ../100-check-com_err-pthread.patch || return 1 |
42 | patch -Np1 -i ../heimdal-c++-safe-krb5_cccol_cursor.patch || return 1 | 43 | patch -Np1 -i ../heimdal-c++-safe-krb5_cccol_cursor.patch || return 1 |
43 | patch -Np1 -i ../heimdal-locate_plugin-header.patch || return 1 | 44 | patch -Np1 -i ../heimdal-locate_plugin-header.patch || return 1 |
45 | patch -Np1 -i ../return-invalid-enctype-for-weak-crypto.patch || return 1 | ||
44 | 46 | ||
45 | # name clash with ruserpass in netdb.h | 47 | # name clash with ruserpass in netdb.h |
46 | sed -i -e 's/ruserpass/ruserpw/g' appl/ftp/ftp/*.[ch] || return 1 | 48 | sed -i -e 's/ruserpass/ruserpw/g' appl/ftp/ftp/*.[ch] || return 1 |
@@ -176,4 +178,5 @@ md5sums="4ce17deae040a3519e542f48fd901f21 heimdal-1.3.1.tar.gz | |||
176 | 8208ae8c0b6ff5ab4f64af1693e9e396 014_all_heimdal-path.patch | 178 | 8208ae8c0b6ff5ab4f64af1693e9e396 014_all_heimdal-path.patch |
177 | e73205200f9641b5d969427ffb04282a 100-check-com_err-pthread.patch | 179 | e73205200f9641b5d969427ffb04282a 100-check-com_err-pthread.patch |
178 | 7ebff9a320f18ed62f5fcb68c8fc18b8 heimdal-c++-safe-krb5_cccol_cursor.patch | 180 | 7ebff9a320f18ed62f5fcb68c8fc18b8 heimdal-c++-safe-krb5_cccol_cursor.patch |
179 | 248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch" | 181 | 248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch |
182 | a8342f77a1aedb4f332983bcbf141827 return-invalid-enctype-for-weak-crypto.patch" | ||
diff --git a/main/heimdal/return-invalid-enctype-for-weak-crypto.patch b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch new file mode 100644 index 0000000000..c8ce39fefe --- /dev/null +++ b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | --- a/lib/krb5/context.c | ||
2 | +++ b/lib/krb5/context.c | ||
3 | @@ -825,23 +825,33 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL | ||
4 | krb5_set_default_in_tkt_etypes(krb5_context context, | ||
5 | const krb5_enctype *etypes) | ||
6 | { | ||
7 | + krb5_error_code ret; | ||
8 | krb5_enctype *p = NULL; | ||
9 | - int i; | ||
10 | + unsigned int n, m; | ||
11 | |||
12 | if(etypes) { | ||
13 | - for (i = 0; etypes[i]; ++i) { | ||
14 | - krb5_error_code ret; | ||
15 | - ret = krb5_enctype_valid(context, etypes[i]); | ||
16 | - if (ret) | ||
17 | - return ret; | ||
18 | - } | ||
19 | - ++i; | ||
20 | - ALLOC(p, i); | ||
21 | + for (n = 0; etypes[n]; n++) | ||
22 | + ; | ||
23 | + n++; | ||
24 | + ALLOC(p, n); | ||
25 | if(!p) { | ||
26 | - krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); | ||
27 | + krb5_set_error_message (context, ENOMEM, | ||
28 | + N_("malloc: out of memory", "")); | ||
29 | return ENOMEM; | ||
30 | } | ||
31 | - memmove(p, etypes, i * sizeof(krb5_enctype)); | ||
32 | + for (n = 0, m = 0; etypes[n]; n++) { | ||
33 | + ret = krb5_enctype_valid(context, etypes[n]); | ||
34 | + if (ret) | ||
35 | + continue; | ||
36 | + p[m++] = etypes[n]; | ||
37 | + } | ||
38 | + p[m] = ETYPE_NULL; | ||
39 | + if (m == 0) { | ||
40 | + free(p); | ||
41 | + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, | ||
42 | + N_("no valid enctype set", "")); | ||
43 | + return KRB5_PROG_ETYPE_NOSUPP; | ||
44 | + } | ||
45 | } | ||
46 | if(context->etypes) | ||
47 | free(context->etypes); | ||
48 | |||