slackware-current/patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch

From 5ad465bc8e0d957a4945218bea487b77622bf433 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 3 Jun 2022 14:30:42 -0400
Subject: [PATCH] Fix memory leak in OTP kdcpreauth module

In otp_edata(), free the generated nonce.

ticket: 9063 (new)
tags: pullup
target_version: 1.20-next
target_version: 1.19-next
---
 src/plugins/preauth/otp/main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 119714f994..0e682aae58 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     krb5_pa_otp_challenge chl;
     krb5_pa_data *pa = NULL;
     krb5_error_code retval;
-    krb5_data *encoding;
+    krb5_data *encoding, nonce = empty_data();
     char *config;
 
     /* Determine if otp is enabled for the user. */
@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     ti.iteration_count = -1;
 
     /* Generate the nonce. */
-    retval = nonce_generate(context, armor_key->length, &chl.nonce);
+    retval = nonce_generate(context, armor_key->length, &nonce);
     if (retval != 0)
         goto out;
+    chl.nonce = nonce;
 
     /* Build the output pa-data. */
     retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
     free(encoding);
 
 out:
+    krb5_free_data_contents(context, &nonce);
     (*respond)(arg, retval, pa);
 }
Thu Nov 17 01:49:28 UTC 2022 patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed integer overflows in PAC parsing. Fixed memory leak in OTP kdcpreauth module. Fixed PKCS11 module path search. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-42898 (* Security fix ) patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-48/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 ( Security fix ) patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 ( Security fix ) patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded. Fixed a security issue where Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap. For more information, see: https://www.samba.org/samba/security/CVE-2022-42898.html https://www.cve.org/CVERecord?id=CVE-2022-42898 ( Security fix *) patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded. This update fixes regressions in the previous security fix: mime-settings: Properly quote command parameters. Revert "Escape characters which do not belong into an URI/URL (Issue #390)." 2022-11-17 02:49:28 +01:00			`From 5ad465bc8e0d957a4945218bea487b77622bf433 Mon Sep 17 00:00:00 2001`
			`From: Greg Hudson <ghudson@mit.edu>`
			`Date: Fri, 3 Jun 2022 14:30:42 -0400`
			`Subject: [PATCH] Fix memory leak in OTP kdcpreauth module`

			`In otp_edata(), free the generated nonce.`

			`ticket: 9063 (new)`
			`tags: pullup`
			`target_version: 1.20-next`
			`target_version: 1.19-next`
			`---`
			`src/plugins/preauth/otp/main.c \| 6 ++++--`
			`1 file changed, 4 insertions(+), 2 deletions(-)`

			`diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c`
			`index 119714f994..0e682aae58 100644`
			`--- a/src/plugins/preauth/otp/main.c`
			`+++ b/src/plugins/preauth/otp/main.c`
			`@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,`
			`krb5_pa_otp_challenge chl;`
			`krb5_pa_data *pa = NULL;`
			`krb5_error_code retval;`
			`- krb5_data *encoding;`
			`+ krb5_data *encoding, nonce = empty_data();`
			`char *config;`

			`/* Determine if otp is enabled for the user. */`
			`@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request,`
			`ti.iteration_count = -1;`

			`/* Generate the nonce. */`
			`- retval = nonce_generate(context, armor_key->length, &chl.nonce);`
			`+ retval = nonce_generate(context, armor_key->length, &nonce);`
			`if (retval != 0)`
			`goto out;`
			`+ chl.nonce = nonce;`

			`/* Build the output pa-data. */`
			`retval = encode_krb5_pa_otp_challenge(&chl, &encoding);`
			`@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request,`
			`free(encoding);`

			`out:`
			`+ krb5_free_data_contents(context, &nonce);`
			`(*respond)(arg, retval, pa);`
			`}`