Error applying MITKRB5-SA-2007-002 on krb5-1.5

simonst@wellsfargo.com simonst at wellsfargo.com
Fri Apr 6 14:34:19 EDT 2007


Patch MITKRB5-SA-2007-002 is failing to apply on krb5-1.5:
    [rpmdev]$ patch -p0 <2007-002-patch.txt
    patching file src/kadmin/server/kadm_rpc_svc.c
    patching file src/kadmin/server/misc.c
    patching file src/kadmin/server/misc.h
    patching file src/kadmin/server/ovsec_kadmd.c
    Hunk #1 succeeded at 989 with fuzz 2 (offset -3 lines).
    Hunk #2 succeeded at 997 (offset -5 lines).
    Hunk #3 succeeded at 1025 (offset -3 lines).
    patching file src/kadmin/server/schpw.c
    patching file src/kadmin/server/server_stubs.c
    patching file src/kdc/do_tgs_req.c
    Hunk #1 FAILED at 491.
    Hunk #2 succeeded at 550 (offset -2 lines).
    1 out of 3 hunks FAILED -- saving rejects to file
src/kdc/do_tgs_req.c.rej
    patching file src/kdc/kdc_util.c
    patching file src/lib/kadm5/logger.c

Here's the complete cmdline output:

[rpmdev]$ uname -a
Linux rpmdev 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686 i686
i386 GNU/Linux
[rpmdev]$ gpgv -v krb5-1.5.tar.gz.asc
gpgv: armor header: Version: GnuPG v1.4.3 (SunOS)
gpgv: assuming signed data in `krb5-1.5.tar.gz'
gpgv: Signature made Fri 30 Jun 2006 10:16:09 PM PDT using RSA key ID
F376813D
gpgv: Good signature from "Tom Yu <tlyu at MIT.EDU>"
gpgv:                 aka "Tom Yu <tlyu at MIT.EDU>"
[rpmdev]$ md5sum krb5-1.5.tar.gz
fe62bcd315fe4139e4fa05732ce8abde  krb5-1.5.tar.gz

[rpmdev]$ tar xzf  krb5-1.5.tar.gz

[rpmdev]$ cd krb5-1.5

[rpmdev]$ wget http://web.mit.edu/kerberos/advisories/2007-002-patch.txt
--11:05:42--  http://web.mit.edu/kerberos/advisories/2007-002-patch.txt
           => `2007-002-patch.txt'
Length: 41,658 (41K) [text/plain]
100%[====================================================>] 41,658
106.89K/s
11:05:43 (106.55 KB/s) - `2007-002-patch.txt' saved [41658/41658]

[rpmdev]$ md5sum 2007-002-patch.txt
25b7ae9462b7439f7d11064138aac11e  2007-002-patch.txt
[rpmdev]$ head 2007-002-patch.txt
*** src/kadmin/server/kadm_rpc_svc.c    (revision 19480)
--- src/kadmin/server/kadm_rpc_svc.c    (local)
***************
*** 250,255 ****
--- 250,257 ----
       krb5_data *c1, *c2, *realm;
       gss_buffer_desc gss_str;
       kadm5_server_handle_t handle;
+      size_t slen;
+      char *sdots;

[rpmdev]$ patch -p0 <2007-002-patch.txt
patching file src/kadmin/server/kadm_rpc_svc.c
patching file src/kadmin/server/misc.c
patching file src/kadmin/server/misc.h
patching file src/kadmin/server/ovsec_kadmd.c
Hunk #1 succeeded at 989 with fuzz 2 (offset -3 lines).
Hunk #2 succeeded at 997 (offset -5 lines).
Hunk #3 succeeded at 1025 (offset -3 lines).
patching file src/kadmin/server/schpw.c
patching file src/kadmin/server/server_stubs.c
patching file src/kdc/do_tgs_req.c
Hunk #1 FAILED at 491.
Hunk #2 succeeded at 550 (offset -2 lines).
1 out of 3 hunks FAILED -- saving rejects to file src/kdc/do_tgs_req.c.rej
patching file src/kdc/kdc_util.c
patching file src/lib/kadm5/logger.c

[rpmdev]$ cat src/kdc/do_tgs_req.c.rej
***************
*** 491,518 ****
        newtransited = 1;
      }
      if (!isflagset (request->kdc_options,
KDC_OPT_DISABLE_TRANSITED_CHECK)) {
        errcode = krb5_check_transited_list (kdc_context,
 
&enc_tkt_reply.transited.tr_contents,
                                             krb5_princ_realm (kdc_context,
header_ticket->enc_part2->client),
                                             krb5_princ_realm (kdc_context,
request->server));
        if (errcode == 0) {
            setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
        } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
            krb5_klog_syslog (LOG_INFO,
!                             "bad realm transit path from '%s' to '%s' via
'%.*s'",
                              cname ? cname : "<unknown client>",
                              sname ? sname : "<unknown server>",
!                             enc_tkt_reply.transited.tr_contents.length,
!                             enc_tkt_reply.transited.tr_contents.data);
        else {
            const char *emsg = krb5_get_error_message(kdc_context, errcode);
            krb5_klog_syslog (LOG_ERR,
!                             "unexpected error checking transit from '%s'
to '%s' via '%.*s': %s",
                              cname ? cname : "<unknown client>",
                              sname ? sname : "<unknown server>",
!                             enc_tkt_reply.transited.tr_contents.length,
                              enc_tkt_reply.transited.tr_contents.data,
!                             emsg);
            krb5_free_error_message(kdc_context, emsg);
        }
      } else
--- 491,528 ----
        newtransited = 1;
      }
      if (!isflagset (request->kdc_options,
KDC_OPT_DISABLE_TRANSITED_CHECK)) {
+       unsigned int tlen;
+       char *tdots;
+
        errcode = krb5_check_transited_list (kdc_context,
 
&enc_tkt_reply.transited.tr_contents,
                                             krb5_princ_realm (kdc_context,
header_ticket->enc_part2->client),
                                             krb5_princ_realm (kdc_context,
request->server));
+       tlen = enc_tkt_reply.transited.tr_contents.length;
+       tdots = tlen > 125 ? "..." : "";
+       tlen = tlen > 125 ? 125 : tlen;
+
        if (errcode == 0) {
            setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
        } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
            krb5_klog_syslog (LOG_INFO,
!                             "bad realm transit path from '%s' to '%s' "
!                             "via '%.*s%s'",
                              cname ? cname : "<unknown client>",
                              sname ? sname : "<unknown server>",
!                             tlen,
!                             enc_tkt_reply.transited.tr_contents.data,
!                             tdots);
        else {
            const char *emsg = krb5_get_error_message(kdc_context, errcode);
            krb5_klog_syslog (LOG_ERR,
!                             "unexpected error checking transit from "
!                             "'%s' to '%s' via '%.*s%s': %s",
                              cname ? cname : "<unknown client>",
                              sname ? sname : "<unknown server>",
!                             tlen,
                              enc_tkt_reply.transited.tr_contents.data,
!                             tdots, emsg);
            krb5_free_error_message(kdc_context, emsg);
        }
      } else
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5621 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070406/3af2a566/attachment.bin


More information about the Kerberos mailing list