authordelphij <delphij@FreeBSD.org>2017-07-12 08:07:36 +0000
committerdelphij <delphij@FreeBSD.org>2017-07-12 08:07:36 +0000
commit348f5311d13a14a86bd5e73cfac8ac707498b87c (patch)
treec606e788e09fdc51e7bdae694bb34d7998147449
parent8c96ad701987adfb4a43df0b86c9cbdd7268a6d6 (diff)
Fix heimdal KDC-REP service name validation vulnerability [SA-17:05]
Approved by: so
-rw-r--r--UPDATING6
-rw-r--r--crypto/heimdal/lib/krb5/ticket.c4
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 8 insertions, 4 deletions
diff --git a/UPDATING b/UPDATING
index cc46108..1caeda5 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,7 +16,11 @@ from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
-20170427 p10 FreeBSD-SA-17:04.ipfilter
+20170712 p11 FreeBSD-SA-17:05.heimdal
+
+ Fix heimdal KDC-REP service name validation vulnerability.
+
+20170427 p10 FreeBSD-SA-17:04.ipfilter
Fix ipfilter(4) fragment handling panic. [SA-17:04]
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
index 4845a93..5b6eabe 100644
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ b/crypto/heimdal/lib/krb5/ticket.c
@@ -713,8 +713,8 @@ _krb5_extract_ticket(krb5_context context,
/* check server referral and save principal */
ret = _krb5_principalname2krb5_principal (context,
&tmp_principal,
- rep->kdc_rep.ticket.sname,
- rep->kdc_rep.ticket.realm);
+ rep->enc_part.sname,
+ rep->enc_part.srealm);
if (ret)
goto out;
if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
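Review bot: The existing comment above the `_krb5_principalname2krb5_principal` call ("check server referral and save principal") does not say why the server name and realm must be read from `rep->enc_part` rather than `rep->kdc_rep.ticket`, so a later cleanup could revert to the ticket fields without noticing the security impact. I would extend it to something like `/* use sname/srealm from the decrypted enc_part; the copies in kdc_rep.ticket are not authenticated to the client */`. The advisory reference [SA-17:05] appears only in the commit message, so citing it in that comment would also help anyone auditing the mismatch check that follows. `_krb5_extract_ticket` begins and ends outside this hunk, so I cannot confirm from here whether other uses of `rep->kdc_rep.ticket.sname` or `.realm` remain in the function; that is worth checking.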
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 7314fb6..d323326 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="11.0"
-BRANCH="RELEASE-p10"
+BRANCH="RELEASE-p11"
if [ -n "${BRANCH_OVERRIDE}" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi