From bca35b54e0ca4e005902ec59f607bf1c53a0db12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=86=AF=E5=B7=9D=E4=B8=8010346279?=
 <feng.chuanyi@zte.com.cn>
Date: Thu, 16 May 2024 10:43:55 +0800
Subject: [PATCH] CVE

---
 0018-fix-CVE-2024-26462.patch | 20 ++++++++++++++++++++
 krb5.spec                     |  6 +++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 0018-fix-CVE-2024-26462.patch

diff --git a/0018-fix-CVE-2024-26462.patch b/0018-fix-CVE-2024-26462.patch
new file mode 100644
index 0000000..80d839a
--- /dev/null
+++ b/0018-fix-CVE-2024-26462.patch
@@ -0,0 +1,20 @@
+diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
+index 48395ab..d438408 100644
+--- a/src/kdc/ndr.c
++++ b/src/kdc/ndr.c
+@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
+     size_t utf16len, num_wchars;
+     uint8_t *utf16;
+ 
+-    k5_buf_init_dynamic(&b);
+-
+     ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
+     if (ret)
+         return ret;
+ 
+     num_wchars = utf16len / 2;
+ 
++    k5_buf_init_dynamic(&b);
+     k5_buf_add_uint32_le(&b, num_wchars + 1);
+     k5_buf_add_uint32_le(&b, 0);
+     k5_buf_add_uint32_le(&b, num_wchars);
diff --git a/krb5.spec b/krb5.spec
index 03fefa4..4295f27 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 
 # Set this so that find-lang.sh will recognize the .po files.
 %global gettext_domain mit-krb5
@@ -50,6 +50,7 @@ Patch14: 0014-downstream-Include-missing-OpenSSL-FIPS-header.patch
 Patch15: 0015-downstream-Do-not-set-root-as-ksu-file-owner.patch
 Patch16: 0016-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch
 Patch17: 0017-Add-PAC-full-checksums.patch
+Patch18: 0018-fix-CVE-2024-26462.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -685,6 +686,9 @@ exit 0
 %{_datarootdir}/%{name}-tests/
 
 %changelog
+* Thu May 16 2024 Chuanyi Feng <feng.chuanyi@zte.com.cn> - 1.20.2-2
+- Fix CVE-2024-26462
+
 * Thu Aug 10 2023 Funda Wang <fundawang@yeah.net> - 1.20.2-1
 - New version 1.20.2
 
-- 
Gitee