Files @ 881a7bdbaaab
Branch filter:

Location: ohnobinki_overlay/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch - annotation

881a7bdbaaab 2.0 KiB text/x-diff Show Source Show as Raw Download as Raw
binki
dev-util/boost-build: Sync with portage for boost-build-1.42.0, fix syntax, remove old stuff.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510

Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c
+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c
@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in,
 		return (NULL);
 
 	input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes);
-	if ((int)input_token->length == -1) {
+	if ((int)input_token->length == -1 ||                                           
+	    input_token->length > buff_length) {                                        
 		free(input_token);
 		return (NULL);
 	}
Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c
===================================================================
--- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c
+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c
@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu
 
 asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
 {
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   subbuf->base = subbuf->next = buf->next;
   if (!indef) {
+      if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;                                
       subbuf->bound = subbuf->base + length - 1;
-      if (subbuf->bound > buf->bound)
-	  return ASN1_OVERRUN;
   } else /* constructed indefinite */
       subbuf->bound = buf->bound;
   return 0;
@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri
 {
   int i;
 
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
       *s = 0;
@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin
 {
   int i;
 
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
       *s = 0;
Server instance: zserverv-756375 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support