Commit 2b3e4331 authored by Chaoting Liu's avatar Chaoting Liu

krb5: Fix LDAP null deref on empty arg

parent a9197136
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 6e591e1..79c4cf0 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -296,6 +296,7 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
if (db_args) {
for (i=0; db_args[i]; ++i) {
arg = strtok_r(db_args[i], "=", &arg_val);
+ arg = (arg != NULL) ? arg : "";
if (strcmp(arg, TKTPOLICY_ARG) == 0) {
dptr = &xargs->tktpolicydn;
} else {
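Review bot: The substitution on the added line makes the `strcmp` safe, but it carries no comment saying when `strtok_r` returns NULL here, and an empty argument now silently takes the `else` branch. I would add above it `/* strtok_r() returns NULL when db_args[i] is empty or holds only '='; use "" so the name is rejected below instead of dereferenced. */`. The rest of process_db_args lies outside the hunk, so confirm that the `else` path rejects an empty name with an error rather than accepting it. Also confirm it does not rely on `arg_val` after the NULL return, since POSIX does not appear to define what `strtok_r` stores there in that case. A regression test that passes an empty string in `db_args` would pin the fix.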
# maintainer inkane@chakra-project.org
# contributor abveritas[at]chakra-project[dot]org>
pkgname=krb5
pkgver=1.14.1
pkgrel=1
pkgrel=2
pkgdesc="The Kerberos network authentication system"
arch=('i686' 'x86_64')
url="http://web.mit.edu/kerberos/"
......@@ -14,6 +11,7 @@ backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
source=("http://web.mit.edu/kerberos/dist/${pkgname}/1.14/${pkgname}-${pkgver}.tar.gz"{,.asc}
'krb5-kadmind.service'
'krb5-config_LDFLAGS.patch'
'CVE-2016-3119.patch'
'krb5-kdc.service'
'krb5-kpropd.service'
'krb5-kpropd@.service'
......@@ -22,6 +20,7 @@ md5sums=('400de0cabbfbe85c2c36f60347bf7dc6'
'SKIP'
'd2c898d376ebe5c62b873da7cab0f7e7'
'656e242de9b5ada1edf398983db51eef'
'd90b8b1a3d0c145ce086c06d0a258069'
'f0245d33083337f95654f4caf1d32f57'
'3dddf2f79ef74c4e736711e41228ee91'
'babefac221331f7131a29faac33cc5bc'
......@@ -37,6 +36,10 @@ prepare() {
# fix for the bug described at https://bugs.archlinux.org/task/25384
cd "${srcdir}/${pkgname}-${pkgver}/src"
sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
# Fix LDAP null deref on empty arg [CVE-2016-3119]
cd "${srcdir}/${pkgname}-${pkgver}"
patch -Np1 -i ${srcdir}/CVE-2016-3119.patch
}
build() {
......
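Review bot: The new `patch` line in prepare() leaves `${srcdir}` unquoted while the `cd` lines around it quote it, so a build path containing whitespace would split the argument; write `patch -Np1 -i "${srcdir}/CVE-2016-3119.patch"`. The security patch is pinned only by an `md5sums` entry, and MD5 is not collision-resistant, so a `sha256sums` array would be a stronger integrity pin for both the tarball and the patch. The tarball is fetched over plain `http://` with its `.asc` entry set to 'SKIP', so integrity rests on the signature check; confirm `validpgpkeys` is set, since it is not visible in this section.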