Correct Sun RPC buffer overflow.

<URL:http://online.securityfocus.com/archive/1/285308> <URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>
author: Jacques Vidrine <nectar@FreeBSD.org> 2002-08-02 18:22:45 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2002-08-02 18:22:45 +0000
commit: 20b714697206a6cc9d1a6be541b17ef609ce3163 (patch)
tree: c88f07b19380d10e1f391afec07dabbda9212b1d /security/krb5-appl/files
parent: 4a5ec7d63f856b237b7eca476b2a3aece0d8f2af (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/security/krb5-appl/files/patch-lib::rpc::xdr_array.c b/security/krb5-appl/files/patch-lib::rpc::xdr_array.c
new file mode 100644
index 000000000000..be9be37eada6
--- /dev/null
+++ b/security/krb5-appl/files/patch-lib::rpc::xdr_array.c
@@ -0,0 +1,20 @@
+--- lib/rpc/xdr_array.c.orig	Fri Feb 13 20:27:23 1998
++++ lib/rpc/xdr_array.c	Fri Aug  2 13:03:55 2002
+@@ -40,6 +40,7 @@
+  * arrays.  See xdr.h for more info on the interface to xdr.
+  */
+ 
++#include <limits.h>
+ #include <stdio.h>
+ 
+ #include <gssrpc/types.h>
+@@ -75,7 +76,8 @@
+ 		return (FALSE);
+ 	}
+ 	c = *sizep;
+-	if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
++	if ((c > maxsize || UINT_MAX/elsize < c) &&
++	    (xdrs->x_op != XDR_FREE)) {
+ 		return (FALSE);
+ 	}
+ 	nodesize = c * elsize;
author	Jacques Vidrine <nectar@FreeBSD.org>	2002-08-02 18:22:45 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2002-08-02 18:22:45 +0000
commit	20b714697206a6cc9d1a6be541b17ef609ce3163 (patch)
tree	c88f07b19380d10e1f391afec07dabbda9212b1d /security/krb5-appl/files
parent	4a5ec7d63f856b237b7eca476b2a3aece0d8f2af (diff)