diff --git a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch b/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch +++ /dev/null @@ -1,48 +0,0 @@ -Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c -+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in, - return (NULL); - - input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes); -- if ((int)input_token->length == -1) { -+ if ((int)input_token->length == -1 || -+ input_token->length > buff_length) { - free(input_token); - return (NULL); - } -Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c -+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu - - asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) - { -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - subbuf->base = subbuf->next = buf->next; - if (!indef) { -+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - subbuf->bound = subbuf->base + length - 1; -- if (subbuf->bound > buf->bound) -- return ASN1_OVERRUN; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; -@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; -@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0;