From 2ea3f2db8087e0a2c4a18c633b039c722cb6f829 Mon Sep 17 00:00:00 2001
|
|
From: Nicolas Williams <nico@cryptonector.com>
|
|
Date: Wed, 12 Oct 2011 01:15:13 -0500
|
|
Subject: [PATCH 2/2] CVE-2022-45141 source4/heimdal: Fix check-des
|
|
|
|
The previous fix was incomplete. But it also finally uncovered an
|
|
old check-des problem that I'd had once and which may have gotten
|
|
papered over by changing the default of one of the *strongest* KDC
|
|
parameters. The old problem is that we were passing the wrong
|
|
enctype to _kdc_encode_reply(): we were passing the session key
|
|
enctype where the ticket enc-part key's enctype was expected.
|
|
|
|
The whole enctype being passed in is superfluous anyways. Let's
|
|
clean that up next.
|
|
|
|
(cherry picked from Heimdal commit 4c6976a6bdf8a76c6f3c650ae970d46c931e5c71)
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15214
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17680
|
|
---
|
|
source4/heimdal/kdc/krb5tgs.c | 15 ++++++++++++---
|
|
1 file changed, 12 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
|
|
index 7391393e4b64..609649003ea5 100644
|
|
--- a/source4/heimdal/kdc/krb5tgs.c
|
|
+++ b/source4/heimdal/kdc/krb5tgs.c
|
|
@@ -747,7 +747,7 @@ tgs_make_reply(krb5_context context,
|
|
etype list, even if we don't want a session key with
|
|
DES3? */
|
|
ret = _kdc_encode_reply(context, config,
|
|
- &rep, &et, &ek, et.key.keytype,
|
|
+ &rep, &et, &ek, serverkey->keytype,
|
|
kvno,
|
|
serverkey, 0, replykey, rk_is_subkey,
|
|
e_text, reply);
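Review bot: The corrected argument on the `+` line is easy to regress, because nothing at the call site says which key's enctype `_kdc_encode_reply()` expects, and `et.key.keytype` and `serverkey->keytype` are both in scope and both type-check. I would add a comment directly above the call, e.g. `/* enctype of the key that encrypts the ticket enc-part (serverkey), NOT the session key in et.key */`. Since `serverkey` is itself passed a few arguments later, the parameter is redundant, as the commit message notes; until that cleanup lands, the comment is the only guard against the two being confused again. The hunk opens inside an existing comment and the body of tgs_make_reply extends beyond it on both sides, so whether `serverkey` can be NULL here is not visible and is worth confirming.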
|
|
@@ -1665,13 +1665,22 @@ server_lookup:
|
|
} else {
|
|
Key *skey;
|
|
|
|
- ret = _kdc_get_preferred_key(context, config, server, spn,
|
|
- &etype, &skey);
|
|
+ ret = _kdc_find_etype(context,
|
|
+ config->tgs_use_strongest_session_key, FALSE,
|
|
+ server, b->etype.val, b->etype.len, &etype,
|
|
+ NULL);
|
|
if(ret) {
|
|
kdc_log(context, config, 0,
|
|
"Server (%s) has no support for etypes", spn);
|
|
goto out;
|
|
}
|
|
+ ret = _kdc_get_preferred_key(context, config, server, spn,
|
|
+ NULL, &skey);
|
|
+ if(ret) {
|
|
+ kdc_log(context, config, 0,
|
|
+ "Server (%s) has no supported etypes", spn);
|
|
+ goto out;
|
|
+ }
|
|
ekey = &skey->key;
|
|
kvno = server->entry.kvno;
|
|
}
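Review bot: The two failure branches in this `else` block log nearly identical text (`"Server (%s) has no support for etypes"` and `"Server (%s) has no supported etypes"`), so a KDC log line will not tell an operator which lookup failed. Judging by the arguments, the first failure is about the etype list in the request (`b->etype.val`, `b->etype.len`) and the second about the server's own preferred key; I would reword the first to something like `"Server (%s) has no key for any client-requested etype", spn` and keep the second as is. A short comment that `etype` now comes from `_kdc_find_etype()` while `skey` (and so `ekey`) comes separately from `_kdc_get_preferred_key()` would keep a later refactor from merging the two lookups again. The bare `FALSE` and `NULL` arguments also deserve a `/* ... */` label each. The enclosing function starts and ends outside this hunk.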
|
|
--
|
|
2.34.1
|