diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_accept_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_accept_sec_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_accept_sec_context.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_accept_sec_context.c 2017-11-11 15:57:11.560491865 +0100
@@ -185,6 +185,8 @@
} else {
union_ctx_id = (gss_union_ctx_id_t)*context_handle;
selected_mech = union_ctx_id->mech_type;
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
}
/* Now create a new context if we didn't get one. */
@@ -203,9 +205,6 @@
free(union_ctx_id);
return (status);
}
-
- /* set the new context handle to caller's data */
- *context_handle = (gss_ctx_id_t)union_ctx_id;
}
/*
@@ -243,8 +242,10 @@
d_cred ? &tmp_d_cred : NULL);
/* If there's more work to do, keep going... */
- if (status == GSS_S_CONTINUE_NEEDED)
+ if (status == GSS_S_CONTINUE_NEEDED) {
+ *context_handle = (gss_ctx_id_t)union_ctx_id;
return GSS_S_CONTINUE_NEEDED;
+ }
/* if the call failed, return with failure */
if (status != GSS_S_COMPLETE) {
@@ -330,14 +331,22 @@
*mech_type = gssint_get_public_oid(actual_mech);
if (ret_flags != NULL)
*ret_flags = temp_ret_flags;
- return (status);
+ *context_handle = (gss_ctx_id_t)union_ctx_id;
+ return GSS_S_COMPLETE;
} else {
status = GSS_S_BAD_MECH;
}
error_out:
- if (union_ctx_id) {
+ /*
+ * RFC 2744 5.1 requires that we not create a context on a failed first
+ * call to accept, and recommends that on a failed subsequent call we
+ * make the caller responsible for calling gss_delete_sec_context.
+ * Even if the mech deleted its context, keep the union context around
+ * for the caller to delete.
+ */
+ if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {
if (union_ctx_id->mech_type) {
if (union_ctx_id->mech_type->elements)
free(union_ctx_id->mech_type->elements);
@@ -350,7 +359,6 @@
GSS_C_NO_BUFFER);
}
free(union_ctx_id);
- *context_handle = GSS_C_NO_CONTEXT;
}
if (src_name)
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_complete_auth_token.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_complete_auth_token.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_complete_auth_token.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_complete_auth_token.c 2017-11-11 15:57:11.560491865 +0100
@@ -52,6 +52,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
mech = gssint_get_mechanism (ctx->mech_type);
if (mech != NULL) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_context_time.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_context_time.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_context_time.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_context_time.c 2017-11-11 15:57:11.560491865 +0100
@@ -58,6 +58,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_delete_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_delete_sec_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_delete_sec_context.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_delete_sec_context.c 2017-11-11 15:57:11.560491865 +0100
@@ -87,12 +87,14 @@
if (GSSINT_CHK_LOOP(ctx))
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
- status = gssint_delete_internal_sec_context(minor_status,
- ctx->mech_type,
- &ctx->internal_ctx_id,
- output_token);
- if (status)
- return status;
+ if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) {
+ status = gssint_delete_internal_sec_context(minor_status,
+ ctx->mech_type,
+ &ctx->internal_ctx_id,
+ output_token);
+ if (status)
+ return status;
+ }
/* now free up the space for the union context structure */
free(ctx->mech_type->elements);
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_exp_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_exp_sec_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_exp_sec_context.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_exp_sec_context.c 2017-11-11 15:57:11.560491865 +0100
@@ -89,6 +89,9 @@
if (status != GSS_S_COMPLETE)
return (status);
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
/*
* select the approprate underlying mechanism routine and
* call it.
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c 2017-11-11 15:56:36.572646348 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c 2017-11-11 15:59:22.642925403 +0100
@@ -192,8 +192,13 @@
/* copy the supplied context handle */
union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
- } else
+ } else {
union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
+ status = GSS_S_NO_CONTEXT;
+ goto end;
+ }
+ }
/*
* get the appropriate cred handle from the union cred struct.
@@ -224,11 +229,11 @@
if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
/*
- * The spec says the preferred method is to delete all context info on
- * the first call to init, and on all subsequent calls make the caller
- * responsible for calling gss_delete_sec_context. However, if the
- * mechanism decided to delete the internal context, we should also
- * delete the union context.
+ * RFC 2744 5.19 requires that we not create a context on a failed
+ * first call to init, and recommends that on a failed subsequent call
+ * we make the caller responsible for calling gss_delete_sec_context.
+ * Even if the mech deleted its context, keep the union context around
+ * for the caller to delete.
*/
map_error(minor_status, mech);
if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c~ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c~
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_init_sec_context.c~ 1970-01-01 01:00:00.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_init_sec_context.c~ 2017-11-11 15:58:23.833177306 +0100
@@ -0,0 +1,259 @@
+/* #pragma ident "@(#)g_init_sec_context.c 1.20 03/10/24 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * glue routine for gss_init_sec_context
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_init_sec_ctx_args(
+ OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID req_mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec)
+{
+
+ /* Initialize outputs. */
+
+ if (minor_status != NULL)
+ *minor_status = 0;
+
+ if (actual_mech_type != NULL)
+ *actual_mech_type = GSS_C_NO_OID;
+
+ if (output_token != GSS_C_NO_BUFFER) {
+ output_token->length = 0;
+ output_token->value = NULL;
+ }
+
+ /* Validate arguments. */
+
+ if (minor_status == NULL)
+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+ if (context_handle == NULL)
+ return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
+
+ if (target_name == NULL)
+ return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+ if (output_token == NULL)
+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+ return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_init_sec_context (minor_status,
+ claimant_cred_handle,
+ context_handle,
+ target_name,
+ req_mech_type,
+ req_flags,
+ time_req,
+ input_chan_bindings,
+ input_token,
+ actual_mech_type,
+ output_token,
+ ret_flags,
+ time_rec)
+
+OM_uint32 * minor_status;
+gss_cred_id_t claimant_cred_handle;
+gss_ctx_id_t * context_handle;
+gss_name_t target_name;
+gss_OID req_mech_type;
+OM_uint32 req_flags;
+OM_uint32 time_req;
+gss_channel_bindings_t input_chan_bindings;
+gss_buffer_t input_token;
+gss_OID * actual_mech_type;
+gss_buffer_t output_token;
+OM_uint32 * ret_flags;
+OM_uint32 * time_rec;
+
+{
+ OM_uint32 status, temp_minor_status;
+ gss_union_name_t union_name;
+ gss_union_cred_t union_cred;
+ gss_name_t internal_name;
+ gss_union_ctx_id_t union_ctx_id;
+ gss_OID selected_mech;
+ gss_mechanism mech;
+ gss_cred_id_t input_cred_handle;
+
+ status = val_init_sec_ctx_args(minor_status,
+ claimant_cred_handle,
+ context_handle,
+ target_name,
+ req_mech_type,
+ req_flags,
+ time_req,
+ input_chan_bindings,
+ input_token,
+ actual_mech_type,
+ output_token,
+ ret_flags,
+ time_rec);
+ if (status != GSS_S_COMPLETE)
+ return (status);
+
+ status = gssint_select_mech_type(minor_status, req_mech_type,
+ &selected_mech);
+ if (status != GSS_S_COMPLETE)
+ return (status);
+
+ union_name = (gss_union_name_t)target_name;
+
+ /*
+ * obtain the gss mechanism information for the requested
+ * mechanism. If mech_type is NULL, set it to the resultant
+ * mechanism
+ */
+ mech = gssint_get_mechanism(selected_mech);
+ if (mech == NULL)
+ return (GSS_S_BAD_MECH);
+
+ if (mech->gss_init_sec_context == NULL)
+ return (GSS_S_UNAVAILABLE);
+
+ /*
+ * If target_name is mechanism_specific, then it must match the
+ * mech_type that we're about to use. Otherwise, do an import on
+ * the external_name form of the target name.
+ */
+ if (union_name->mech_type &&
+ g_OID_equal(union_name->mech_type, selected_mech)) {
+ internal_name = union_name->mech_name;
+ } else {
+ if ((status = gssint_import_internal_name(minor_status, selected_mech,
+ union_name,
+ &internal_name)) != GSS_S_COMPLETE)
+ return (status);
+ }
+
+ /*
+ * if context_handle is GSS_C_NO_CONTEXT, allocate a union context
+ * descriptor to hold the mech type information as well as the
+ * underlying mechanism context handle. Otherwise, cast the
+ * value of *context_handle to the union context variable.
+ */
+
+ if(*context_handle == GSS_C_NO_CONTEXT) {
+ status = GSS_S_FAILURE;
+ union_ctx_id = (gss_union_ctx_id_t)
+ malloc(sizeof(gss_union_ctx_id_desc));
+ if (union_ctx_id == NULL)
+ goto end;
+
+ if (generic_gss_copy_oid(&temp_minor_status, selected_mech,
+ &union_ctx_id->mech_type) != GSS_S_COMPLETE) {
+ free(union_ctx_id);
+ goto end;
+ }
+
+ /* copy the supplied context handle */
+ union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
+ } else {
+ union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
+ status = GSS_S_NO_CONTEXT;
+ goto end;
+ }
+ }
+
+ /*
+ * get the appropriate cred handle from the union cred struct.
+ * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
+ * use the default credential.
+ */
+ union_cred = (gss_union_cred_t) claimant_cred_handle;
+ input_cred_handle = gssint_get_mechanism_cred(union_cred, selected_mech);
+
+ /*
+ * now call the approprate underlying mechanism routine
+ */
+
+ status = mech->gss_init_sec_context(
+ minor_status,
+ input_cred_handle,
+ &union_ctx_id->internal_ctx_id,
+ internal_name,
+ gssint_get_public_oid(selected_mech),
+ req_flags,
+ time_req,
+ input_chan_bindings,
+ input_token,
+ actual_mech_type,
+ output_token,
+ ret_flags,
+ time_rec);
+
+ if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+ /*
+ * RFC 2744 5.19 requires that we not create a context on a failed
+ * first call to init, and recommends that on a failed subsequent call
+ * we make the caller responsible for calling gss_delete_sec_context.
+ * Even if the mech deleted its context, keep the union context around
+ * for the caller to delete.
+ */
+ map_error(minor_status, mech);
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+ *context_handle = GSS_C_NO_CONTEXT;
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ free(union_ctx_id->mech_type->elements);
+ free(union_ctx_id->mech_type);
+ free(union_ctx_id);
+ }
+ } else if (*context_handle == GSS_C_NO_CONTEXT) {
+ union_ctx_id->loopback = union_ctx_id;
+ *context_handle = (gss_ctx_id_t)union_ctx_id;
+ }
+
+end:
+ if (union_name->mech_name == NULL ||
+ union_name->mech_name != internal_name) {
+ (void) gssint_release_internal_name(&temp_minor_status,
+ selected_mech, &internal_name);
+ }
+
+ return(status);
+}
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_inq_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_inq_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_inq_context.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_inq_context.c 2017-11-11 15:57:11.560491865 +0100
@@ -104,6 +104,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_prf.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_prf.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_prf.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_prf.c 2017-11-11 15:57:11.560491865 +0100
@@ -59,6 +59,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
mech = gssint_get_mechanism (ctx->mech_type);
if (mech != NULL) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_process_context.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_process_context.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_process_context.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_process_context.c 2017-11-11 15:57:11.560491865 +0100
@@ -61,6 +61,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_seal.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_seal.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_seal.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_seal.c 2017-11-11 15:57:11.561491861 +0100
@@ -92,6 +92,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
@@ -226,6 +228,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech)
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_sign.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_sign.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_sign.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_sign.c 2017-11-11 15:57:11.561491861 +0100
@@ -94,6 +94,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unseal.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unseal.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_unseal.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unseal.c 2017-11-11 15:57:11.561491861 +0100
@@ -76,6 +76,8 @@
* call it.
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_aead.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_aead.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_aead.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_aead.c 2017-11-11 15:57:11.561491861 +0100
@@ -186,6 +186,8 @@
* call it.
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech)
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_iov.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_iov.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_unwrap_iov.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_unwrap_iov.c 2017-11-11 15:57:11.561491861 +0100
@@ -89,6 +89,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
@@ -128,6 +130,8 @@
/* Select the approprate underlying mechanism routine and call it. */
ctx = (gss_union_ctx_id_t)context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
mech = gssint_get_mechanism(ctx->mech_type);
if (mech == NULL)
return GSS_S_BAD_MECH;
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_verify.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_verify.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_verify.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_verify.c 2017-11-11 15:57:11.561491861 +0100
@@ -65,6 +65,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_aead.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_aead.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_aead.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_aead.c 2017-11-11 15:57:11.561491861 +0100
@@ -256,6 +256,8 @@
* call it.
*/
ctx = (gss_union_ctx_id_t)context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech)
return (GSS_S_BAD_MECH);
diff -Naur -x '*.orig' -x '*.rej' krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_iov.c krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_iov.c
--- krb5-1.12.5/src/lib/gssapi/mechglue/g_wrap_iov.c 2015-12-16 21:35:51.000000000 +0100
+++ krb5-1.12.5-CVE-2017-11462/src/lib/gssapi/mechglue/g_wrap_iov.c 2017-11-11 15:57:11.561491861 +0100
@@ -93,6 +93,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
@@ -151,6 +153,8 @@
*/
ctx = (gss_union_ctx_id_t) context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
mech = gssint_get_mechanism (ctx->mech_type);
if (mech) {
@@ -190,6 +194,8 @@
/* Select the approprate underlying mechanism routine and call it. */
ctx = (gss_union_ctx_id_t)context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
mech = gssint_get_mechanism(ctx->mech_type);
if (mech == NULL)
return GSS_S_BAD_MECH;
@@ -218,6 +224,8 @@
/* Select the approprate underlying mechanism routine and call it. */
ctx = (gss_union_ctx_id_t)context_handle;
+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
mech = gssint_get_mechanism(ctx->mech_type);
if (mech == NULL)
return GSS_S_BAD_MECH;
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
289b2adfff4f9545351b01879c69ce0e
>
files
>
18
