Fri Dec 3 20:11:31 2010 UTC ()
add fix for CVE-2010-1323 from
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt


(tez)
diff -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile
diff -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-ca
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cb
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cc
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cd

cvs diff -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile (expand / switch to context diff)
--- pkgsrc/security/mit-krb5/Makefile 2010/05/20 14:21:23 1.49
+++ pkgsrc/security/mit-krb5/Makefile 2010/12/03 20:11:31 1.50
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2010/05/20 14:21:23 tez Exp $
+# $NetBSD: Makefile,v 1.50 2010/12/03 20:11:31 tez Exp $
 
 DISTNAME=	krb5-1.4.2
 PKGNAME=	mit-${DISTNAME:S/-signed$//}
-PKGREVISION=	10
+PKGREVISION=	11
 CATEGORIES=	security
 MASTER_SITES=	http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=	${DISTNAME}-signed${EXTRACT_SUFX}

cvs diff -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo (expand / switch to context diff)
--- pkgsrc/security/mit-krb5/distinfo 2010/05/20 14:21:23 1.25
+++ pkgsrc/security/mit-krb5/distinfo 2010/12/03 20:11:31 1.26
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2010/05/20 14:21:23 tez Exp $
+$NetBSD: distinfo,v 1.26 2010/12/03 20:11:31 tez Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -53,3 +53,7 @@
 SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
 SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
 SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
+SHA1 (patch-ca) = 93c234c007f2dafa0221d1bd1d3ed4953fc116c9
+SHA1 (patch-cb) = 9d892ed2993178085dd7df565afb794fe18f0f06
+SHA1 (patch-cc) = 6fe639b33da7756f6e9ad1a03e2f40d74ddb9c6d
+SHA1 (patch-cd) = 8339ac4305865b8e540a0f1bb14c1f1478447c0b

File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-ca
$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/keyed_checksum_types.c.orig	2010-12-03 11:36:00.476825900 -0600
+++ lib/crypto/keyed_checksum_types.c	2010-12-03 11:37:44.915328600 -0600
@@ -51,6 +51,15 @@
 {
     unsigned int i, c;
 
+    if (enctype == ENCTYPE_ARCFOUR_HMAC ||
+	enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+	*count = 1;
+	if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL)
+	    return(ENOMEM);
+	(*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+	return(0);
+    }
+
     c = 0;
     for (i=0; i<krb5_cksumtypes_length; i++) {
 	if ((krb5_cksumtypes_list[i].keyhash &&
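Review bot: On the ENOMEM path of the new RC4 branch, `*count` has already been set to 1 while `*cksumtypes` is NULL, so a caller that ignores the return value and walks the list would dereference a null pointer. Publish the count only after the allocation succeeds, i.e. move `*count = 1;` below `(*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;`. A short comment above the branch, such as `/* RC4 enctypes: HMAC-MD5 is the only checksum type offered (CVE-2010-1323) */`, would also record why these two enctypes bypass the table scan. The function's signature and the remainder of its body lie outside the hunk.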

File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-cb
$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/dk/derive.c.orig	2010-12-03 11:38:08.683111800 -0600
+++ lib/crypto/dk/derive.c	2010-12-03 11:38:50.395857000 -0600
@@ -40,6 +40,8 @@
     keybytes = enc->keybytes;
     keylength = enc->keylength;
 
+    if (blocksize == 1)
+	return(KRB5_BAD_ENCTYPE);
     if ((inkey->length != keylength) ||
 	(outkey->length != keylength))
 	return(KRB5_CRYPTO_INTERNAL);
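Review bot: The new guard `if (blocksize == 1)` uses a bare magic number and does not say why that enctype is refused with KRB5_BAD_ENCTYPE. Presumably a block size of 1 marks a stream-cipher enctype for which this derivation is not meant to be used. Once that is confirmed against the enctype table, a comment such as `/* blocksize 1: stream-cipher enctype, key derivation does not apply */` would state it. The assignment of `blocksize` and the function header are outside the hunk, so it cannot be judged from here whether other derive routines in this file need the same check.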

File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-cc
$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/krb5/krb/preauth2.c.orig	2010-12-03 11:39:40.124063600 -0600
+++ lib/krb5/krb/preauth2.c	2010-12-03 11:41:33.300010400 -0600
@@ -665,7 +665,9 @@
 
    cksum = sc2->sam_cksum;
    
-   while (*cksum) {
+   for (; *cksum; cksum++) {
+	if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+	    continue;
 	/* Check this cksum */
 	retval = krb5_c_verify_checksum(context, as_key,
 			KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
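Review bot: The `continue` that skips unkeyed checksums has no comment, so a later cleanup could remove it without noticing that it is the security check. Suggest adding above it `/* An unkeyed checksum can be recomputed by anyone; only keyed types authenticate the SAM challenge. */`. When every entry is unkeyed, the loop leaves `valid_cksum` unset and falls into the `if (!valid_cksum)` branch shown in the next hunk, which looks like the intended fail-closed result. It is worth confirming that this branch returns an error, since its body is outside the hunk. The `krb5_c_verify_checksum` call is cut off at the end of this hunk.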
@@ -679,7 +681,6 @@
 	}
 	if (valid_cksum)
 	   break;
-	cksum++;
    }
 
    if (!valid_cksum) {

File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-cd
$NetBSD: patch-cd,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/krb5/krb/mk_safe.c.orig	2010-12-03 11:41:53.890970000 -0600
+++ lib/krb5/krb/mk_safe.c	2010-12-03 11:44:00.588325800 -0600
@@ -212,10 +212,29 @@
 	for (i = 0; i < nsumtypes; i++)
 		if (auth_context->safe_cksumtype == sumtypes[i])
 			break;
-	if (i == nsumtypes)
-		i = 0;
-	sumtype = sumtypes[i];
 	krb5_free_cksumtypes (context, sumtypes);
+	if (i < nsumtypes)
+	    sumtype = auth_context->safe_cksumtype;
+	else {
+	    switch (keyblock->enctype) {
+	    case ENCTYPE_DES_CBC_MD4:
+		sumtype = CKSUMTYPE_RSA_MD4_DES;
+		break;
+	    case ENCTYPE_DES_CBC_MD5:
+	    case ENCTYPE_DES_CBC_CRC:
+		sumtype = CKSUMTYPE_RSA_MD5_DES;
+		break;
+	    default:
+		retval = krb5int_c_mandatory_cksumtype(context,
+						       keyblock->enctype,
+						       &sumtype);
+		if (retval) {
+		    CLEANUP_DONE();
+		    goto error;
+		}
+		break;
+	    }
+	}
     }
     if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, 
 				     plocal_fulladdr, premote_fulladdr,
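Review bot: The fallback `switch` hard-codes checksum types for the three DES enctypes without saying why they bypass `krb5int_c_mandatory_cksumtype`, and the `default` arm trusts that helper to return a keyed type. A comment above the `else`, for example `/* Requested type is not in the list for this key: pick a default by enctype. */`, would document the policy. The DES special case is presumably there because the mandatory type for those enctypes is unsuitable for a KRB-SAFE message, which should be confirmed before it is written down. A defensive `if (!krb5_c_is_keyed_cksum(sumtype))` check after the `default` arm, taking the same `CLEANUP_DONE(); goto error;` path, would make the keyed-only requirement explicit. The enclosing block and the `error` label are outside the hunk.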