Patch heimdal for CVE-2022-45142 [High] #13123

Merged (1 commit), Mar 27, 2025
36 changes: 36 additions & 0 deletions SPECS/heimdal/CVE-2022-45142.patch
@@ -0,0 +1,36 @@
From 7a6ba45e89d339b37c4f47538768451fa58410aa Mon Sep 17 00:00:00 2001
From: Kanishk-Bansal <[email protected]>
Date: Wed, 26 Mar 2025 17:04:23 +0000
Subject: [PATCH] CVE-2022-45142

Upstream Reference [Mailing List]: https://www.openwall.com/lists/oss-security/2023/02/08/1

---
lib/gssapi/krb5/arcfour.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
index aa03cbe..c6c15eb 100644
--- a/lib/gssapi/krb5/arcfour.c
+++ b/lib/gssapi/krb5/arcfour.c
@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}

- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
+ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
if (cmp) {
*minor_status = 0;
return GSS_S_BAD_MIC;
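Review bot: the inverted comparison is the entire fix and is easy to re-invert by accident, so document it at the call site: with `!= 0`, `cmp` is nonzero exactly when the computed checksum differs from the 8 bytes at `p + 8`, and `if (cmp)` then returns GSS_S_BAD_MIC. With the old `== 0`, a matching MIC took the GSS_S_BAD_MIC path while a non-matching one fell through past this check. A one-line comment such as `/* nonzero => checksum mismatch */` next to the `ct_memcmp` call, plus a regression test that feeds `_gssapi_verify_mic_arcfour` one valid MIC and one MIC with a single flipped byte and asserts the first is accepted and the second returns GSS_S_BAD_MIC, would keep this from silently regressing again.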
@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}

- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
+ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
if (cmp) {
_gsskrb5_release_buffer(minor_status, output_message_buffer);
*minor_status = 0;
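Review bot: same inversion as in `_gssapi_verify_mic_arcfour`, corrected the same way, but this mismatch branch also releases `output_message_buffer` before zeroing `*minor_status`, so the early-exit ordering matters here and deserves the same `/* nonzero => SGN_CKSUM mismatch */` comment at `p0 + 16`. Since these two hunks touch only the verify_mic and unwrap functions, please confirm no other `ct_memcmp(...) == 0` followed by `if (cmp)` remains in lib/gssapi/krb5/arcfour.c or neighbouring files, and cite the upstream commit in the patch header alongside the oss-security link so the backport can be diffed against it.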
--
2.45.2

6 changes: 5 additions & 1 deletion SPECS/heimdal/heimdal.spec
@@ -12,7 +12,7 @@
Summary: A Kerberos 5 implementation without export restrictions
Name: heimdal
Version: 7.8.0
Release: 2%{?dist}
Release: 3%{?dist}
License: BSD AND MIT
Vendor: Microsoft Corporation
Distribution: Azure Linux
@@ -44,6 +44,7 @@ Patch5: 0001-lib-krb5-krb5_pac_parse-mem-leak-if-pac_header_size-.patch
Patch6: 0002-kdc-Check-generate_pac-return-code.patch
Patch7: 0003-kdc-avoid-re-encoding-KDC-REQ-BODY.patch
Patch8: fixautoconf.patch
Patch9: CVE-2022-45142.patch
BuildRequires: bison
#libcom_err-devel is in
#BuildRequires: libcom_err-devel
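Review bot: Patch9 is declared, but this diff does not show the %prep section; confirm the spec applies patches with %autosetup (or has an explicit %patch9 line), because a Patch tag that is declared but never applied builds cleanly and ships the vulnerable arcfour.c unchanged. A quick check after build is to grep the unpacked source for `ct_memcmp(cksum_data, p + 8, 8) != 0` or to inspect the rpm's %prep log for "Patch #9".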
@@ -486,6 +487,9 @@ fi
%{_sysconfdir}/profile.d/%{name}.csh

%changelog
* Wed Mar 26 2025 Kanishk-Bansal <[email protected]> - 7.8.0-3
- Patch CVE-2022-45142

* Wed Apr 17 2024 Andrew Phelps <[email protected]> - 7.8.0-2
- Add patch to fix build with autoconf 2.72

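Review bot: the new changelog entry says only "Patch CVE-2022-45142"; a short phrase on what was changed (inverted ArcFour MIC and unwrap checksum comparison in lib/gssapi/krb5/arcfour.c) lets someone auditing the package later see the fix without opening the patch file. The version string 7.8.0-3 matches the Release bump, and the Wed Mar 26 2025 date matches the patch's Date header.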