diff options
Diffstat (limited to 'debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch')
-rw-r--r-- | debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch deleted file mode 100644 index 7b4868fdf..000000000 --- a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001 -From: Isaac Boukris <iboukris@gmail.com> -Date: Sat, 15 Dec 2018 11:56:36 +0200 -Subject: Remove incorrect KDC assertion - -The assertion in return_enc_padata() is reachable because -kdc_make_s4u2self_rep() may have previously added encrypted padata. -It is no longer necessary because the code uses add_pa_data_element() -instead of allocating a new list. - -CVE-2018-20217: - -In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT -using an older encryption type (DES, DES3, or RC4) can cause an -assertion failure in the KDC by sending an S4U2Self request. - -[ghudson@mit.edu: rewrote commit message with CVE description] - -ticket: 8767 (new) -tags: pullup -target_version: 1.17 -target_version: 1.16-next -target_version: 1.15-next - -(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def) - -Patch-Category: upstream ---- - src/kdc/kdc_preauth.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c -index 81d0b8cffd..787a09684c 100644 ---- a/src/kdc/kdc_preauth.c -+++ b/src/kdc/kdc_preauth.c -@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt, - krb5_error_code code = 0; - /* This should be initialized and only used for Win2K compat and other - * specific standardized uses such as FAST negotiation. */ -- assert(reply_encpart->enc_padata == NULL); - if (is_referral) { - code = return_referral_enc_padata(context, reply_encpart, server); - if (code) |