aboutsummaryrefslogtreecommitdiff
path: root/security/krb5-16/files
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2005-07-12 21:29:26 +0000
committerCy Schubert <cy@FreeBSD.org>2005-07-12 21:29:26 +0000
commit4871e2a3be509fae5d98dbf7fb5f4e3c62ac7218 (patch)
tree96fc43c601de12278b70ba15e989721c3202031c /security/krb5-16/files
parent634e33d949b0bc8a1d75f9f6f9ea611fb708959d (diff)
Fix:
- MIT KRB5 Security Advisory 2005-002: Buffer overflow, heap corruption in KDC - MIT KRB5 Security Advisory 2005-003: Double free in krb5_recvauth
Notes
Notes: svn path=/head/; revision=139005
Diffstat (limited to 'security/krb5-16/files')
-rw-r--r--security/krb5-16/files/patch-lib::krb5::krb::recvauth.c18
-rw-r--r--security/krb5-16/files/patch-lib::krb5::krb::unparse.c11
2 files changed, 29 insertions, 0 deletions
diff --git a/security/krb5-16/files/patch-lib::krb5::krb::recvauth.c b/security/krb5-16/files/patch-lib::krb5::krb::recvauth.c
new file mode 100644
index 000000000000..e30b725ee133
--- /dev/null
+++ b/security/krb5-16/files/patch-lib::krb5::krb::recvauth.c
@@ -0,0 +1,18 @@
+--- lib/krb5/krb/recvauth.c.orig Mon Sep 2 18:13:47 2002
++++ lib/krb5/krb/recvauth.c Tue Jul 12 14:02:03 2005
+@@ -76,7 +76,6 @@
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+ if (strcmp(inbuf.data, sendauth_version)) {
+- krb5_xfree(inbuf.data);
+ problem = KRB5_SENDAUTH_BADAUTHVERS;
+ }
+ krb5_xfree(inbuf.data);
+@@ -90,7 +89,6 @@
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+ if (appl_version && strcmp(inbuf.data, appl_version)) {
+- krb5_xfree(inbuf.data);
+ if (!problem)
+ problem = KRB5_SENDAUTH_BADAPPLVERS;
+ }
diff --git a/security/krb5-16/files/patch-lib::krb5::krb::unparse.c b/security/krb5-16/files/patch-lib::krb5::krb::unparse.c
new file mode 100644
index 000000000000..b45233b0ab78
--- /dev/null
+++ b/security/krb5-16/files/patch-lib::krb5::krb::unparse.c
@@ -0,0 +1,11 @@
+--- lib/krb5/krb/unparse.c.orig Tue Jan 18 09:57:32 2005
++++ lib/krb5/krb/unparse.c Tue Jul 12 14:04:38 2005
+@@ -91,6 +91,8 @@
+ totalsize++;
+ totalsize++; /* This is for the separator */
+ }
++ if (nelem == 0)
++ totalsize++;
+
+ /*
+ * Allocate space for the ascii string; if space has been