Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0002-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0002-CVE-2022-42898.patch of Package samba
From a1a2eeb278cd0b504c9229cd7152f74463232fc4 Mon Sep 17 00:00:00 2001 From: Nicolas Williams <nico@twosigma.com> Date: Thu, 21 May 2015 14:24:38 -0500 Subject: [PATCH 2/4] CVE-2022-42898 source4/heimdal: Add krb5_ret/store_[u]int64() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203 [jsutton@samba.org backported from Heimdal commit 996d4c5db3c8aee10b7496591db13f52a575cef5; removed changes to lib/krb5/libkrb5-exports.def.in which we don't have] --- source4/heimdal/lib/krb5/store-int.c | 13 +- source4/heimdal/lib/krb5/store.c | 132 +++++++++++++++++--- source4/heimdal/lib/krb5/version-script.map | 4 + 3 files changed, 133 insertions(+), 16 deletions(-) diff --git a/source4/heimdal/lib/krb5/store-int.c b/source4/heimdal/lib/krb5/store-int.c index d5776297181..542b99abc08 100644 --- a/source4/heimdal/lib/krb5/store-int.c +++ b/source4/heimdal/lib/krb5/store-int.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL -_krb5_put_int(void *buffer, unsigned long value, size_t size) +_krb5_put_int(void *buffer, uint64_t value, size_t size) { unsigned char *p = buffer; int i; @@ -46,7 +46,7 @@ _krb5_put_int(void *buffer, unsigned long value, size_t size) } KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL -_krb5_get_int(void *buffer, unsigned long *value, size_t size) +_krb5_get_int64(void *buffer, uint64_t *value, size_t size) { unsigned char *p = buffer; unsigned long v = 0; @@ -56,3 +56,12 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size) *value = v; return size; } + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_get_int(void *buffer, unsigned long *value, size_t size) +{ + uint64_t v64; + krb5_ssize_t bytes = _krb5_get_int64(buffer, &v64, size); + *value = v64; + return bytes; +} diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 31afb23c983..df0227b39de 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -318,13 +318,13 @@ krb5_storage_to_data(krb5_storage *sp, krb5_data *data) static krb5_error_code krb5_store_int(krb5_storage *sp, - int32_t value, + int64_t value, size_t len) { int ret; - unsigned char v[16]; + unsigned char v[8]; - if(len > sizeof(v)) + if (len > sizeof(v)) return EINVAL; _krb5_put_int(v, value, len); ret = sp->store(sp, v, len); @@ -358,6 +358,33 @@ krb5_store_int32(krb5_storage *sp, return krb5_store_int(sp, value, 4); } +/** + * Store a int64 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_int64(krb5_storage *sp, + int64_t value) +{ + if (BYTEORDER_IS_HOST(sp)) +#ifdef WORDS_BIGENDIAN + ; +#else + value = bswap64(value); /* There's no ntohll() */ +#endif + else if (BYTEORDER_IS_LE(sp)) + value = bswap64(value); + return krb5_store_int(sp, value, 8); +} + /** * Store a uint32 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). @@ -377,24 +404,99 @@ krb5_store_uint32(krb5_storage *sp, return krb5_store_int32(sp, (int32_t)value); } +/** + * Store a uint64 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_uint64(krb5_storage *sp, + uint64_t value) +{ + return krb5_store_int64(sp, (int64_t)value); +} + static krb5_error_code krb5_ret_int(krb5_storage *sp, - int32_t *value, + int64_t *value, size_t len) { int ret; - unsigned char v[4]; - unsigned long w; + unsigned char v[8]; + uint64_t w; ret = sp->fetch(sp, v, len); if (ret < 0) return errno; if ((size_t)ret != len) return sp->eof_code; - _krb5_get_int(v, &w, len); + _krb5_get_int64(v, &w, len); *value = w; return 0; } +/** + * Read a int64 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ret_int64(krb5_storage *sp, + int64_t *value) +{ + krb5_error_code ret = krb5_ret_int(sp, value, 8); + if(ret) + return ret; + if(BYTEORDER_IS_HOST(sp)) +#ifdef WORDS_BIGENDIAN + ; +#else + *value = bswap64(*value); /* There's no ntohll() */ +#endif + else if(BYTEORDER_IS_LE(sp)) + *value = bswap64(*value); + return 0; +} + +/** + * Read a uint64 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ret_uint64(krb5_storage *sp, + uint64_t *value) +{ + krb5_error_code ret; + int64_t v; + + ret = krb5_ret_int64(sp, &v); + if (ret == 0) + *value = (uint64_t)v; + + return ret; +} + /** * Read a int32 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). @@ -411,12 +513,15 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32(krb5_storage *sp, int32_t *value) { - krb5_error_code ret = krb5_ret_int(sp, value, 4); - if(ret) + int64_t v; + + krb5_error_code ret = krb5_ret_int(sp, &v, 4); + if (ret) return ret; - if(BYTEORDER_IS_HOST(sp)) + *value = v; + if (BYTEORDER_IS_HOST(sp)) *value = htonl(*value); - else if(BYTEORDER_IS_LE(sp)) + else if (BYTEORDER_IS_LE(sp)) *value = bswap32(*value); return 0; } @@ -434,8 +539,7 @@ krb5_ret_int32(krb5_storage *sp, */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -krb5_ret_uint32(krb5_storage *sp, - uint32_t *value) +krb5_ret_uint32(krb5_storage *sp, uint32_t *value) { krb5_error_code ret; int32_t v; @@ -505,7 +609,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16(krb5_storage *sp, int16_t *value) { - int32_t v = 0; + int64_t v; int ret; ret = krb5_ret_int(sp, &v, 2); if(ret) diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map index 2359001e9da..d0412c08d59 100644 --- a/source4/heimdal/lib/krb5/version-script.map +++ b/source4/heimdal/lib/krb5/version-script.map @@ -550,6 +550,7 @@ HEIMDAL_KRB5_2.0 { krb5_ret_data; krb5_ret_int16; krb5_ret_int32; + krb5_ret_int64; krb5_ret_int8; krb5_ret_keyblock; krb5_ret_principal; @@ -559,6 +560,7 @@ HEIMDAL_KRB5_2.0 { krb5_ret_times; krb5_ret_uint16; krb5_ret_uint32; + krb5_ret_uint64; krb5_ret_uint8; krb5_salttype_to_string; krb5_sendauth; @@ -623,6 +625,7 @@ HEIMDAL_KRB5_2.0 { krb5_store_data; krb5_store_int16; krb5_store_int32; + krb5_store_int64; krb5_store_int8; krb5_store_keyblock; krb5_store_principal; @@ -632,6 +635,7 @@ HEIMDAL_KRB5_2.0 { krb5_store_times; krb5_store_uint16; krb5_store_uint32; + krb5_store_uint64; krb5_store_uint8; krb5_string_to_deltat; krb5_string_to_enctype; -- 2.35.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.