File bug-825985-CVE-2002-2443-fix-UDP-ping-pong.dif of Package krb5

commit cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
Author: Tom Yu <tlyu@mit.edu>
Date:   Fri May 3 16:26:46 2013 -0400

    Fix kpasswd UDP ping-pong [CVE-2002-2443]
    
    The kpasswd service provided by kadmind was vulnerable to a UDP
    "ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
    they pass some basic validation, and don't respond to our own error
    packets.
    
    Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
    attack or UDP ping-pong attacks in general, but there is discussion
    leading toward narrowing the definition of CVE-1999-0103 to the echo,
    chargen, or other similar built-in inetd services.
    
    Thanks to Vincent Danen for alerting us to this issue.
    
    CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
    
    ticket: 7637 (new)
    target_version: 1.11.3
    tags: pullup

--- krb5-1.7/src/kadmin/server/schpw.c.orig	2013-06-27 18:01:41.737958403 +0200
+++ krb5-1.7/src/kadmin/server/schpw.c	2013-06-27 18:04:48.010229534 +0200
@@ -63,7 +63,7 @@
 	ret = KRB5KRB_AP_ERR_MODIFIED;
 	numresult = KRB5_KPASSWD_MALFORMED;
 	strlcpy(strresult, "Request was truncated", sizeof(strresult));
-	goto chpwfail;
+        goto bailout;
     }
 
     ptr = req->data;
@@ -86,7 +86,7 @@
 	numresult = KRB5_KPASSWD_BAD_VERSION;
 	snprintf(strresult, sizeof(strresult),
 		 "Request contained unknown protocol version number %d", vno);
-	goto chpwfail;
+        goto bailout;
     }
 
     /* read, check ap-req length */
@@ -99,7 +99,7 @@
 	numresult = KRB5_KPASSWD_MALFORMED;
 	strlcpy(strresult, "Request was truncated in AP-REQ",
 		sizeof(strresult));
-	goto chpwfail;
+        goto bailout;
     }
 
     /* verify ap_req */
@@ -199,7 +199,7 @@
 	    numresult = KRB5_KPASSWD_MALFORMED;
 	    strlcpy(strresult, "Failed decoding ChangePasswdData",
 		    sizeof(strresult));
-	    goto chpwfail;
+            goto bailout;
 	}
 
 	memset(clear.data, 0, clear.length);