intel · pdxjohnny · Jan 30, 2020 · Jan 28, 2020 · Jan 28, 2020
diff --git a/cve_bin_tool/checkers/kerberos.py b/cve_bin_tool/checkers/kerberos.py
@@ -30,7 +30,6 @@ def guess_krb5_version_from_content(lines):
     for line in lines:
         match = pattern1.search(line)
         if match:
-            LOGGER.debug(match.group(0))
             new_guess2 = match.group(0).strip()
             if len(new_guess2) > len(new_guess):
                 new_guess = new_guess2
@@ -57,6 +56,7 @@ def get_version(lines, filename):
     version gives the actual version number
 
     VPkg: mit, kerberos
+    VPkg: mit, kerberos_5
     """
     version_info = dict()
     if "kerberos" in filename:
@@ -68,4 +68,22 @@ def get_version(lines, filename):
         version_info["modulename"] = "kerberos"
         version_info["version"] = guess_krb5_version_from_content(lines)
 
+    # currently we're only detecting kerberos 5, so return a double-version_info list
+    # if we ever detect kerberos that's not 5, this if statement will change
+    if "is_or_contains" in version_info:
+        version_info5 = [dict(), dict()]
+        version_info5[0] = version_info
+        version_info5[1] = dict()
+        version_info5[1]["is_or_contains"] = version_info["is_or_contains"]
+        version_info5[1]["modulename"] = "kerberos_5"
+
+        # strip the leading "5-" off the version for 'kerberos_5' if there is one
+        # or conversely, add one to the 'kerberos' listing if there isn't
+        if version_info["version"][:2] == "5-":
+            version_info5[1]["version"] = version_info["version"][2:]
+        else:
+            version_info5[1]["version"] = version_info["version"]
+            version_info5[0]["version"] = "5-{}".format(version_info["version"])
+        return version_info5
+
     return version_info
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
@@ -181,27 +181,35 @@ def scan_file(self, filename):
             (get_version, vendor_package_pairs),
         ) in self.checkers.items():
             result = get_version(lines, filename)
+            # do some magic so we can iterate over all results, even the ones that just return 1 hit
             if "is_or_contains" in result:
-                modulename = result["modulename"]
-                version = "UNKNOWN"
-                if "version" in result:
-                    version = result["version"]
-                else:
-                    self.logger.error(
-                        "error: no version info for %r", result["modulename"]
-                    )
+                results = [dict()]
+                results[0] = result
+            else:
+                results = result
+
+            for result in results:
+                if "is_or_contains" in result:
+                    modulename = result["modulename"]
+                    version = "UNKNOWN"
+                    if "version" in result:
+                        version = result["version"]
+                    else:
+                        self.logger.error(
+                            "error: no version info for %r", result["modulename"]
+                        )
 
-                found_cves = self.get_cves(vendor_package_pairs, version)
-                if found_cves:
-                    self.files_with_cve = self.files_with_cve + 1
-                self.all_cves[modulename][version] = found_cves
-                self.logger.info(
-                    "%s %s %s %s"
-                    % (filename, result["is_or_contains"], modulename, version)
-                )
-                if found_cves.keys():
-                    self.logger.info("Known CVEs in version " + str(version))
-                    self.logger.info(", ".join(found_cves.keys()))
+                    found_cves = self.get_cves(vendor_package_pairs, version)
+                    if found_cves:
+                        self.files_with_cve = self.files_with_cve + 1
+                    self.all_cves[modulename][version] = found_cves
+                    self.logger.info(
+                        "%s %s %s %s"
+                        % (filename, result["is_or_contains"], modulename, version)
+                    )
+                    if found_cves.keys():
+                        self.logger.info("Known CVEs in version " + str(version))
+                        self.logger.info(", ".join(found_cves.keys()))
 
         self.logger.debug("Done scanning file: %r" % filename)
         return self.all_cves

diff --git a/test/test_scanner.py b/test/test_scanner.py
@@ -309,14 +309,20 @@ def test_jpeg_rpm_2_0_0(self):
             "2.0.0",
         )
 
-    @unittest.skip("Disabled because of bug #301")
     def test_kerberos_1_15_1(self):
         """Scanning test-kerberos-5-1.15.1.out"""
         self._binary_test(
             "test-kerberos-5-1.15.1.out",
             "kerberos",
             "5-1.15.1",
-            ["CVE-2017-11462", "CVE-2017-11368", "CVE-2018-5730"],  # affected by bug #1
+            ["CVE-2018-5730"],
+            ["CVE-2019-3823"],
+        )
+        self._binary_test(
+            "test-kerberos-5-1.15.1.out",
+            "kerberos_5",
+            "1.15.1",
+            ["CVE-2017-11462", "CVE-2017-11368"],
             ["CVE-2019-3823"],
         )
 
@@ -326,7 +332,7 @@ def test_kerberos_rpm_1_15_1(self):
         self._file_test(
             "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
             "krb5-libs-1.15.1-37.el7_6.i686.rpm",
-            "kerberos",
+            "kerberos_5",
             "1.15.1",
         )
 
@@ -337,7 +343,7 @@ def test_kerberos_deb_1_15(self):
             "http://http.us.debian.org/debian/pool/main/k/krb5/",
             "libkrb5-3_1.15-1+deb9u1_amd64.deb",
             "kerberos",
-            "1.15",
+            "5-1.15",
         )
 
     def test_libgcrypt_1_7_6(self):