initial buildroot for linux 5.15
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
From d775c95af7606a51bf79547a94fa52ddd1cb7f49 Mon Sep 17 00:00:00 2001
|
||||
From: Greg Hudson <ghudson@mit.edu>
|
||||
Date: Tue, 3 Aug 2021 01:15:27 -0400
|
||||
Subject: [PATCH] Fix KDC null deref on TGS inner body null server
|
||||
|
||||
After the KDC decodes a FAST inner body, it does not check for a null
|
||||
server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this
|
||||
would typically result in an error from krb5_unparse_name(), but with
|
||||
the addition of get_local_tgt() it results in a null dereference. Add
|
||||
a null check.
|
||||
|
||||
Reported by Joseph Sutton of Catalyst.
|
||||
|
||||
CVE-2021-37750:
|
||||
|
||||
In MIT krb5 releases 1.14 and later, an authenticated attacker can
|
||||
cause a null dereference in the KDC by sending a FAST TGS request with
|
||||
no server field.
|
||||
|
||||
ticket: 9008 (new)
|
||||
tags: pullup
|
||||
target_version: 1.19-next
|
||||
target_version: 1.18-next
|
||||
|
||||
[Retrieved from:
|
||||
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
src/kdc/do_tgs_req.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
|
||||
index 582e497cc9..32dc65fa8e 100644
|
||||
--- a/src/kdc/do_tgs_req.c
|
||||
+++ b/src/kdc/do_tgs_req.c
|
||||
@@ -204,6 +204,11 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt,
|
||||
status = "FIND_FAST";
|
||||
goto cleanup;
|
||||
}
|
||||
+ if (sprinc == NULL) {
|
||||
+ status = "NULL_SERVER";
|
||||
+ errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server,
|
||||
&local_tgt, &local_tgt_storage, &local_tgt_key);
|
||||
@@ -0,0 +1,21 @@
|
||||
config BR2_PACKAGE_LIBKRB5
|
||||
bool "libkrb5"
|
||||
# needs fork()
|
||||
depends on BR2_USE_MMU
|
||||
depends on !BR2_STATIC_LIBS
|
||||
select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
|
||||
select BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 if BR2_PACKAGE_LIBOPENSSL
|
||||
select BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4 if BR2_PACKAGE_LIBOPENSSL
|
||||
help
|
||||
Kerberos is a system for authenticating users and services
|
||||
on a network. Kerberos is a trusted third-party service.
|
||||
That means that there is a third party (the Kerberos server)
|
||||
that is trusted by all the entities on the network (users
|
||||
and services, usually called "principals"). This is the MIT
|
||||
reference implementation of Kerberos V5.
|
||||
|
||||
https://web.mit.edu/kerberos/
|
||||
|
||||
comment "libkrb5 needs a toolchain w/ dynamic library"
|
||||
depends on BR2_USE_MMU
|
||||
depends on BR2_STATIC_LIBS
|
||||
@@ -0,0 +1,5 @@
|
||||
# Locally calculated after checking pgp signature
|
||||
sha256 66085e2f594751e77e82e0dbf7bbc344320fb48a9df2a633cfdd8f7d6da99fc8 krb5-1.18.4.tar.gz
|
||||
|
||||
# Hash for license file:
|
||||
sha256 7fba8b076bdc2cfef1d0813c5d4067d76d5be60c32d84de22d5d1cf451744feb NOTICE
|
||||
@@ -0,0 +1,80 @@
|
||||
################################################################################
|
||||
#
|
||||
# libkrb5
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBKRB5_VERSION_MAJOR = 1.18
|
||||
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).4
|
||||
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
|
||||
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
|
||||
LIBKRB5_SUBDIR = src
|
||||
LIBKRB5_LICENSE = MIT
|
||||
LIBKRB5_LICENSE_FILES = NOTICE
|
||||
LIBKRB5_CPE_ID_VENDOR = mit
|
||||
LIBKRB5_CPE_ID_PRODUCT = kerberos_5
|
||||
LIBKRB5_DEPENDENCIES = host-bison $(TARGET_NLS_DEPENDENCIES)
|
||||
LIBKRB5_INSTALL_STAGING = YES
|
||||
|
||||
# 0001-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
|
||||
LIBKRB5_IGNORE_CVES += CVE-2021-37750
|
||||
|
||||
# The configure script uses AC_TRY_RUN tests to check for those values,
|
||||
# which doesn't work in a cross-compilation scenario. Therefore,
|
||||
# we feed the configure script with the correct answer for those tests
|
||||
LIBKRB5_CONF_ENV = \
|
||||
ac_cv_printf_positional=yes \
|
||||
ac_cv_func_regcomp=yes \
|
||||
krb5_cv_attr_constructor_destructor=yes,yes \
|
||||
LIBS=$(TARGET_NLS_LIBS)
|
||||
|
||||
# Never use the host packages
|
||||
LIBKRB5_CONF_OPTS = \
|
||||
--without-system-db \
|
||||
--without-system-et \
|
||||
--without-system-ss \
|
||||
--without-system-verto \
|
||||
--without-tcl \
|
||||
--disable-rpath
|
||||
|
||||
ifeq ($(BR2_PACKAGE_OPENLDAP),y)
|
||||
LIBKRB5_CONF_OPTS += --with-ldap
|
||||
LIBKRB5_DEPENDENCIES += openldap
|
||||
else
|
||||
LIBKRB5_CONF_OPTS += --without-ldap
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||
LIBKRB5_CONF_OPTS += \
|
||||
--enable-pkinit \
|
||||
--with-crypto-impl=openssl \
|
||||
--with-spake-openssl \
|
||||
--with-tls-impl=openssl
|
||||
LIBKRB5_DEPENDENCIES += openssl
|
||||
else
|
||||
LIBKRB5_CONF_OPTS += \
|
||||
--disable-pkinit \
|
||||
--with-crypto-impl=builtin \
|
||||
--without-spake-openssl \
|
||||
--without-tls-impl
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
|
||||
LIBKRB5_CONF_OPTS += --with-libedit
|
||||
LIBKRB5_DEPENDENCIES += host-pkgconf libedit
|
||||
else
|
||||
LIBKRB5_CONF_OPTS += --without-libedit
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_READLINE),y)
|
||||
LIBKRB5_CONF_OPTS += --with-readline
|
||||
LIBKRB5_DEPENDENCIES += readline
|
||||
else
|
||||
LIBKRB5_CONF_OPTS += --without-readline
|
||||
endif
|
||||
|
||||
ifneq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
|
||||
LIBKRB5_CONF_OPTS += --disable-thread-support
|
||||
endif
|
||||
|
||||
$(eval $(autotools-package))
|
||||
Reference in New Issue
Block a user