Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0001-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0001-CVE-2022-45141.patch of Package samba
From 2be27ec1d7f3bfcdcac65bca1db53772535fe7bf Mon Sep 17 00:00:00 2001 From: Nicolas Williams <nico@cryptonector.com> Date: Tue, 11 Oct 2011 23:57:58 -0500 Subject: [PATCH 1/2] CVE-2022-45141 source4/heimdal: Fix TGS ticket enc-part key selection When I added support for configuring how the KDC selects session, reply, and ticket enc-part keys I accidentally had the KDC use the session key selection algorithm for selecting the ticket enc-part key. This becomes a problem when using a Heimdal KDC with an MIT KDB as the HDB backend and when the krbtgt keys are not in strongest-to-weakest order, in which case forwardable tickets minted by the Heimdal KDC will not be accepted by MIT KDCs with the same KDB. (cherry picked from Heimdal commit 12cd2c9cbd1ca027a3ef9ac7ab3e79526b1348ae) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15214 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Conflict: NA Reference: https://attachments.samba.org/attachment.cgi?id=17680 --- source4/heimdal/kdc/krb5tgs.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 15be136496fa..7391393e4b64 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1665,17 +1665,14 @@ server_lookup: } else { Key *skey; - ret = _kdc_find_etype(context, - config->tgs_use_strongest_session_key, FALSE, - server, b->etype.val, b->etype.len, NULL, - &skey); + ret = _kdc_get_preferred_key(context, config, server, spn, + &etype, &skey); if(ret) { kdc_log(context, config, 0, "Server (%s) has no support for etypes", spn); goto out; } ekey = &skey->key; - etype = skey->key.keytype; kvno = server->entry.kvno; } -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.