From 830fcd704ae9c3e0cb9f8bea6620d07fa663a208 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: May 18 2010 18:14:18 +0000
Subject: - add patch to correct GSSAPI library null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #582466)
---
diff --git a/krb5-CVE-2010-1321-1.7.1.patch b/krb5-CVE-2010-1321-1.7.1.patch
new file mode 100644
index 0000000..fb7286c
--- /dev/null
+++ b/krb5-CVE-2010-1321-1.7.1.patch
@@ -0,0 +1,16 @@
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -561,6 +561,13 @@ kg_accept_krb5(minor_status, context_handle,
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+ /* Samba does not send 0x8003 GSS-API checksums */
+ krb5_boolean valid;
diff --git a/krb5.spec b/krb5.spec
index 6163a83..d396b21 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 8%{?dist}
+Release: 9%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -87,6 +87,7 @@ Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt
 Patch99: krb5-1.7.1-kpasswd_ipv6.patch
 Patch100: 2010-002-1.7-patch.txt
 Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
+Patch102: krb5-CVE-2010-1321-1.7.1.patch
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
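Review bot: The comment on the new guard in `kg_accept_krb5` (krb5-CVE-2010-1321-1.7.1.patch, just ahead of the `authdat->checksum->checksum_type` comparison) says what the branch does but not why `checksum` can be NULL, so a later cleanup could mistake the check for dead code. I would expand it to something like `/* the authenticator checksum is optional on the wire, so a peer-supplied request can decode with checksum == NULL; reject it as an inappropriate checksum type instead of dereferencing it */`. The `fail` label and the rest of the function lie outside the hunk, so it should be confirmed there that the failure path copes with the state built up to this point; I cannot see that from here. The patch file also carries no header naming its upstream origin, unlike Patch97 and Patch101 in krb5.spec, which point at advisory URLs; a short provenance comment at the top of the patch would make later rebases easier to audit.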
@@ -225,6 +226,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Tue May 18 2010 Nalin Dahyabhai 1.7.1-9 +- add patch to correct GSSAPI library null pointer dereference which could be + triggered by malformed client requests (CVE-2010-1321, #582466) + * Tue May 4 2010 Nalin Dahyabhai 1.7.1-8 - fix output of kprop's init script's "status" and "reload" commands (#588222) @@ -1619,6 +1624,7 @@ popd %patch99 -p0 -b .kpasswd_ipv6 %patch100 -p0 -b .2010-002 %patch101 -p1 -b .2010-004 +%patch102 -p1 -b .CVE-2010-1321 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex