From 20b714697206a6cc9d1a6be541b17ef609ce3163 Mon Sep 17 00:00:00 2001
From: Jacques Vidrine
Date: Fri, 2 Aug 2002 18:22:45 +0000
Subject: Correct Sun RPC buffer overflow.
---
 security/krb5/Makefile | 2 +-
 security/krb5/files/patch-lib::rpc::xdr_array.c | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 security/krb5/files/patch-lib::rpc::xdr_array.c
(limited to 'security/krb5')
diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index 2bb196574f7e..5406f50c601c 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= krb5
 PORTVERSION= 1.2.5
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 .if defined(USA_RESIDENT) && ${USA_RESIDENT} == "NO"
 MASTER_SITES= http://www.crypto-publish.org/dist/mit-kerberos5/
diff --git a/security/krb5/files/patch-lib::rpc::xdr_array.c b/security/krb5/files/patch-lib::rpc::xdr_array.c
new file mode 100644
index 000000000000..be9be37eada6
--- /dev/null
+++ b/security/krb5/files/patch-lib::rpc::xdr_array.c
@@ -0,0 +1,20 @@
+--- lib/rpc/xdr_array.c.orig Fri Feb 13 20:27:23 1998
++++ lib/rpc/xdr_array.c Fri Aug 2 13:03:55 2002
+@@ -40,6 +40,7 @@
+ * arrays. See xdr.h for more info on the interface to xdr.
+ */
+
++#include
+ #include
+
+ #include
+@@ -75,7 +76,8 @@
+ return (FALSE);
+ }
+ c = *sizep;
+- if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
++ if ((c > maxsize || UINT_MAX/elsize < c) &&
++ (xdrs->x_op != XDR_FREE)) {
+ return (FALSE);
+ }
+ nodesize = c * elsize;
-- cgit v1.2.3
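Review bot: The new guard `UINT_MAX/elsize < c` in the embedded `@@ -75,7 +76,8 @@` hunk of the xdr_array.c patch divides by `elsize` without checking it for zero, and nothing visible in the hunk rules that value out. `elsize` looks like a caller-supplied element size rather than wire data, so this is probably a programming-error case, but writing the test as `if ((c > maxsize || (elsize != 0 && UINT_MAX/elsize < c)) &&` would keep the overflow check from faulting itself. A one-line comment above the condition, for example `/* reject counts for which c * elsize would wrap past UINT_MAX */`, would tie the check to the `nodesize = c * elsize;` multiplication it protects. The function starts and ends outside the hunk, so whether `nodesize` is used on the `XDR_FREE` path, which bypasses this check, cannot be confirmed from here.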