Files @ a78ac8ae45f1
Branch filter:

Location: ohnobinki_overlay/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch - annotation

a78ac8ae45f1 2.0 KiB text/x-diff Show Source Show as Raw Download as Raw
binki
use --libs-only-L and --libs-only-l to avoid -pthread error for bug 300256
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510
f422522f7510

Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c
+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c
@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in,
 		return (NULL);
 
 	input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes);
-	if ((int)input_token->length == -1) {
+	if ((int)input_token->length == -1 ||                                           
+	    input_token->length > buff_length) {                                        
 		free(input_token);
 		return (NULL);
 	}
Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c
===================================================================
--- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c
+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c
@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu
 
 asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
 {
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   subbuf->base = subbuf->next = buf->next;
   if (!indef) {
+      if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;                                
       subbuf->bound = subbuf->base + length - 1;
-      if (subbuf->bound > buf->bound)
-	  return ASN1_OVERRUN;
   } else /* constructed indefinite */
       subbuf->bound = buf->bound;
   return 0;
@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri
 {
   int i;
 
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
       *s = 0;
@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin
 {
   int i;
 
+  if (buf->next > buf->bound + 1) return ASN1_OVERRUN;                                                       
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
       *s = 0;
Server instance: zserverv-756375 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support