5e0da20c882cdf4e61e8b40423a7447ffcbf83fc
1 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
2 index 1ca09b4..60caf3d 100644
3 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
4 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
5 @@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
6  #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
7  
8  #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
9 -    do {                                                                \
10 -        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
11 -        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
12 -            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
13 -            if (ldap_server_handle)                                     \
14 -                ld = ldap_server_handle->ldap_handle;                   \
15 -        }                                                               \
16 -    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
17 +    tempst = 0;                                                         \
18 +    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \
19 +                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \
20 +    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
21 +        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \
22 +        if (ldap_server_handle)                                         \
23 +            ld = ldap_server_handle->ldap_handle;                       \
24 +        if (tempst == 0)                                                \
25 +            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \
26 +                                   NULL, NULL, &timelimit,              \
27 +                                   LDAP_NO_LIMIT, &result);             \
28 +    }                                                                   \
29                                                                          \
30      if (status_check != IGNORE_STATUS) {                                \
31          if (tempst != 0) {                                              \
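Review bot: In the retry path of LDAP_SEARCH_1, when krb5_ldap_rebind fails (tempst != 0) and leaves ldap_server_handle NULL, `ld` still points at the LDAP handle that the rebind now tears down with ldap_unbind_ext_s in kdb_ldap_conn.c, and when the rebind succeeds the `result` from the first, failed ldap_search_ext_s is overwritten by the second call without ldap_msgfree. The status check that follows the hunk presumably bails out on tempst, so the stale `ld` may never be dereferenced, but nothing inside the macro guarantees that; resetting state before the retry is cheap: `ldap_msgfree(result); result = NULL;` at the top of the `if (tempst == 0)` branch, and `ld = NULL;` in an `else`. Whether ldap_search_ext_s hands back a partial `result` on an access error depends on the OpenLDAP version, so the free is a safety net rather than a confirmed leak. The macro body continues past the end of the hunk.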
32 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
33 index 82b0333..84e80ee 100644
34 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
35 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
36 @@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
37  {
38      krb5_ldap_server_handle     *handle = *ldap_server_handle;
39  
40 +    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
41      if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
42          || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
43          return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
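Review bot: After the new ldap_unbind_ext_s call in krb5_ldap_rebind, handle->ldap_handle holds a freed pointer until ldap_initialize overwrites it; if ldap_initialize fails it is not visible from here whether that pointer is cleared, and the handle is then passed to krb5_ldap_request_next_handle_from_pool still carrying it. Adding `handle->ldap_handle = NULL;` directly after the unbind makes the failure path safe regardless of what ldap_initialize does on error. Likewise, if krb5_ldap_bind fails the freshly initialized handle is handed to the pool fallback without being unbound, unless that helper does so itself. The function also dereferences `*ldap_server_handle` without a NULL check, which predates this change, and its body continues past the end of the hunk.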
44 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
45 index f549e23..b70940f 100644
46 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
47 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
48 @@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
49       * portion, then the first portion of the principal name SHOULD be
50       * "krbtgt".  All this check is done in the immediate block.
51       */
52 -    if (searchfor->length == 2)
53 -        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
54 -                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
55 -            (strncasecmp(searchfor->data[1].data, defrealm,
56 -                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
57 +    if (searchfor->length == 2) {
58 +        if (data_eq_string(searchfor->data[0], "krbtgt") &&
59 +            data_eq_string(searchfor->data[1], defrealm))
60              return 0;
61 +    }
62  
63      /* first check the length, if they are not equal, then they are not same */
64      if (strlen(defrealm) != searchfor->realm.length)
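Review bot: The data_eq_string comparison that replaces the two strncasecmp calls in is_principal_in_realm is, as far as I recall from k5-int.h, an exact length-and-bytes match, so besides fixing the over-read of non-NUL-terminated krb5_data it also silently makes the "krbtgt"/realm check case-sensitive. If exact matching is intended (MIT krb5 treats principal components as case-sensitive elsewhere), the comment block above the check, which is cut off at the top of the hunk, should say so, e.g. `/* Exact, case-sensitive match on both components; krb5_data is not NUL-terminated, so never use str* functions here. */`. is_principal_in_realm continues past the end of the hunk.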
65 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
66 index 7ad31da..626ed1f 100644
67 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
68 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
69 @@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
70                          unsigned int flags, krb5_db_entry *entries,
71                          int *nentries, krb5_boolean *more)
72  {
73 -    char                        *user=NULL, *filter=NULL, **subtree=NULL;
74 +    char                        *user=NULL, *filter=NULL, *filtuser=NULL;
75      unsigned int                tree=0, ntrees=1, princlen=0;
76      krb5_error_code             tempst=0, st=0;
77 -    char                        **values=NULL, *cname=NULL;
78 +    char                        **values=NULL, **subtree=NULL, *cname=NULL;
79      LDAP                        *ld=NULL;
80      LDAPMessage                 *result=NULL, *ent=NULL;
81      krb5_ldap_context           *ldap_context=NULL;
82 @@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
83      if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
84          goto cleanup;
85  
86 -    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
87 +    filtuser = ldap_filter_correct(user);
88 +    if (filtuser == NULL) {
89 +        st = ENOMEM;
90 +        goto cleanup;
91 +    }
92 +
93 +    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
94      if ((filter = malloc(princlen)) == NULL) {
95          st = ENOMEM;
96          goto cleanup;
97      }
98 -    snprintf(filter, princlen, FILTER"%s))", user);
99 +    snprintf(filter, princlen, FILTER"%s))", filtuser);
100  
101      if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
102          goto cleanup;
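Review bot: The security-relevant step added to krb5_ldap_get_principal, escaping the looked-up principal name with ldap_filter_correct before it is embedded in the search filter, carries no comment saying why it exists, so a later cleanup could drop it as redundant. Add above the call: `/* Escape LDAP filter metacharacters: in the KDC this name is client-supplied and must not be able to alter the filter (MITKRB5-SA-2011-002). */`. ldap_filter_correct is a project helper rather than an OpenLDAP API, so it is worth confirming against its definition, outside this hunk, that it covers every RFC 4515 metacharacter (`*`, `(`, `)`, `\`, NUL) and only returns NULL on allocation failure, since the code maps NULL to ENOMEM. krb5_ldap_get_principal continues on both sides of the hunk.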
103 @@ -231,6 +237,9 @@ cleanup:
104      if (user)
105          free(user);
106  
107 +    if (filtuser)
108 +        free(filtuser);
109 +
110      if (cname)
111          free(cname);
112