From 0a3f27d7a4fa8f0f4b2d8108e90704664772da90 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mar 03 2010 16:09:48 +0000
Subject: - fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)
---
diff --git a/krb5-1.6.1-pam.patch b/krb5-1.6.1-pam.patch
index 46286ab..a320565 100644
--- a/krb5-1.6.1-pam.patch
+++ b/krb5-1.6.1-pam.patch
@@ -832,7 +832,7 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam.
 +#ifdef USE_PAM
 + if (appl_pam_enabled(kcontext, "ftpd")) {
 + if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
-+ pw->pw_name, "",
++ name, "",
 + FTP_PAM_SERVICE) != 0) {
 + reply(530, "Login incorrect.");
 + return;
@@ -860,7 +860,7 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam.
 - if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
 - (want_creds || !*pw->pw_passwd ||
 - strcmp(xpasswd, pw->pw_passwd)))) {
-+ if ((pw == NULL) ||
++ if ((pw == NULL) || (
 +#ifdef USE_PAM
 + appl_pam_enabled(kcontext, "ftpd") ?
 + (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
@@ -870,7 +870,7 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam.
 + (!kpass(pw->pw_name, passwd) &&
 + (want_creds ||
 + !*pw->pw_passwd ||
-+ strcmp(xpasswd, pw->pw_passwd)))) {
++ strcmp(xpasswd, pw->pw_passwd))))) {
 pw = NULL;
 sleep(5);
 if (++login_attempts >= 3) {
diff --git a/krb5.spec b/krb5.spec
index b3db8e2..f7732f7 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -16,7 +16,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 26%{?dist}
+Release: 27%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
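Review bot: Passing the client-supplied `name` to `appl_pam_acct_mgmt()` in the `@@ -832` hunk removes the dereference, but nothing visible there records that `pw` can be NULL at that point, so a later cleanup could put `pw->pw_name` back. A comment above the call such as `/* pw may be NULL for users unknown locally; use the requested name */` would pin that down. It is also worth confirming that the account check for a known user should run against the requested name rather than the looked-up one, since the two can differ with some name-service backends; if the looked-up name is preferred, `pw ? pw->pw_name : name, "",` keeps the earlier behaviour for known users. The enclosing function starts and ends outside the hunk.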
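Review bot: The condition corrected in the `@@ -860` and `@@ -870` hunks still combines `||`, a `?:` and an `#ifdef USE_PAM` split in one expression, which is the shape that let the precedence slip in (`a || b ? c : d` groups as `(a || b) ? c : d`, so a NULL `pw` presumably reached an arm that dereferences it). The added parentheses fix the grouping, but the lines between the two hunks are not shown, so it should be checked that the new `(` before `#ifdef USE_PAM` and the extra `)` after `strcmp(xpasswd, pw->pw_passwd)` balance in both the PAM and the non-PAM build. A comment at the `if`, for example `/* pw == NULL must short-circuit; the checks after || dereference pw */`, would document the intent, and computing the authentication result into a local before the `if` would be sturdier than the inline ternary. The `if` body continues outside the hunk.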
@@ -242,6 +242,12 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Wed Mar 3 2010 Nalin Dahyabhai - 1.6.3-27 +- fix a null pointer dereference and crash introduced in our PAM patch that + would happen if ftpd was given the name of a user who wasn't known to the + local system, limited to being triggerable by gssapi-authenticated clients by + the default xinetd config (Olivier Fourdan, #569472) + * Tue Mar 2 2010 Nalin Dahyabhai - 1.6.3-26 - fix a regression (not labeling a kdb database lock file correctly, #569902) - add a workaround to build with OpenSSL 1.0, which changed the signature