Commit 5627666
Patch heimdal for CVE-2022-45142 [High] (#13123)
1 parent fc06498 commit 5627666
2 files changed, +41 -1 lines changed

SPECS/heimdal/CVE-2022-45142.patch

+36
@@ -0,0 +1,36 @@
1+
From 7a6ba45e89d339b37c4f47538768451fa58410aa Mon Sep 17 00:00:00 2001
2+
From: Kanishk-Bansal <[email protected]>
3+
Date: Wed, 26 Mar 2025 17:04:23 +0000
4+
Subject: [PATCH] CVE-2022-45142
5+
6+
Upstream Reference [Mailing List]: https://www.openwall.com/lists/oss-security/2023/02/08/1
7+
8+
---
9+
lib/gssapi/krb5/arcfour.c | 4 ++--
10+
1 file changed, 2 insertions(+), 2 deletions(-)
11+
12+
diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
13+
index aa03cbe..c6c15eb 100644
14+
--- a/lib/gssapi/krb5/arcfour.c
15+
+++ b/lib/gssapi/krb5/arcfour.c
16+
@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
17+
return GSS_S_FAILURE;
18+
}
19+
20+
- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
21+
+ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
22+
if (cmp) {
23+
*minor_status = 0;
24+
return GSS_S_BAD_MIC;
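Review bot: the flip from `== 0` to `!= 0` is the whole fix and it is correct: with `if (cmp)` returning GSS_S_BAD_MIC, the old condition rejected a token whose SGN_CKSUM matched and let a mismatching one through, so the MIC check was inverted. The variable name `cmp` now means "checksums differ", which reads as the opposite of what the name suggests; a one-line comment above `if (cmp)` such as `/* non-zero when the signature checksum does not match */` would stop the next reader from flipping it back. Since the patch header carries the packager's own From/Date rather than an upstream commit id, please also confirm the hunk is byte-for-byte what the cited openwall advisory's upstream fix does.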
25+
@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
26+
return GSS_S_FAILURE;
27+
}
28+
29+
- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
30+
+ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
31+
if (cmp) {
32+
_gsskrb5_release_buffer(minor_status, output_message_buffer);
33+
*minor_status = 0;
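Review bot: same polarity fix in `_gssapi_unwrap_arcfour` and the same naming concern, since `cmp` is now set when SGN_CKSUM does not match. The reject path releases `output_message_buffer` before clearing `*minor_status`, which is the right order, but the context stops before the return; verify that `return GSS_S_BAD_MIC;` follows as it does in the verify_mic hunk. Worth a quick grep of arcfour.c for any other `ct_memcmp(...) == 0` feeding an `if (cmp)` reject branch, since any such site would carry the identical inverted check and is not covered by this patch.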
34+
--
35+
2.45.2
36+

SPECS/heimdal/heimdal.spec

+5-1
@@ -12,7 +12,7 @@
1212
Summary: A Kerberos 5 implementation without export restrictions
1313
Name: heimdal
1414
Version: 7.8.0
15-
Release: 2%{?dist}
15+
Release: 3%{?dist}
1616
License: BSD AND MIT
1717
Vendor: Microsoft Corporation
1818
Distribution: Azure Linux
@@ -44,6 +44,7 @@ Patch5: 0001-lib-krb5-krb5_pac_parse-mem-leak-if-pac_header_size-.patch
4444
Patch6: 0002-kdc-Check-generate_pac-return-code.patch
4545
Patch7: 0003-kdc-avoid-re-encoding-KDC-REQ-BODY.patch
4646
Patch8: fixautoconf.patch
47+
Patch9: CVE-2022-45142.patch
4748
BuildRequires: bison
4849
#libcom_err-devel is in
4950
#BuildRequires: libcom_err-devel
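Review bot: Patch9 is declared here, but the %prep section is outside this diff, so nothing shown applies it. Confirm that %prep uses `%autosetup -p1` (or gains a matching `%patch9 -p1` line); otherwise the Release bump and changelog advertise a fix that is not in the built package. The patch touches `a/lib/gssapi/krb5/arcfour.c` / `b/lib/gssapi/krb5/arcfour.c`, so `-p1` is the correct strip level.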
@@ -486,6 +487,9 @@ fi
486487
%{_sysconfdir}/profile.d/%{name}.csh
487488

488489
%changelog
490+
* Wed Mar 26 2025 Kanishk-Bansal <[email protected]> - 7.8.0-3
491+
- Patch CVE-2022-45142
492+
489493
* Wed Apr 17 2024 Andrew Phelps <[email protected]> - 7.8.0-2
490494
- Add patch to fix build with autoconf 2.72
491495
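Review bot: the changelog entry says only "Patch CVE-2022-45142"; adding what it fixes (inverted SGN_CKSUM check in the GSSAPI arcfour verify_mic and unwrap paths) and the openwall reference already cited in the patch header would help whoever audits this spec later. Date and release tag (7.8.0-3) are consistent with the Release bump in the first hunk and with the patch's own Date header.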
