Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 185901 Details for
Bug 263398
<app-crypt/mit-krb5-1.6.3-r6 MITKRB5-SA-2009-001 Multiple vulnerabilities in SPNEGO, ASN.1 decoder (CVE-2009-{0844,0846,0847})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2009-0844+CVE-2009-0847.patch
CVE-2009-0844+CVE-2009-0847.patch (text/plain), 2.03 KB, created by
Robert Buchholz (RETIRED)
on 2009-03-22 19:09:28 UTC
(
hide
)
Description:
CVE-2009-0844+CVE-2009-0847.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-03-22 19:09:28 UTC
Size:
2.03 KB
patch
obsolete
>Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c >=================================================================== >--- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c >+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c >@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in, > return (NULL); > > input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes); >- if ((int)input_token->length == -1) { >+ if ((int)input_token->length == -1 || >+ input_token->length > buff_length) { > free(input_token); > return (NULL); > } >Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c >=================================================================== >--- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c >+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c >@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu > > asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) > { >+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; > subbuf->base = subbuf->next = buf->next; > if (!indef) { >+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; > subbuf->bound = subbuf->base + length - 1; >- if (subbuf->bound > buf->bound) >- return ASN1_OVERRUN; > } else /* constructed indefinite */ > subbuf->bound = buf->bound; > return 0; >@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri > { > int i; > >+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; > if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; > if (len == 0) { > *s = 0; >@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin > { > int i; > >+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; > if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; > if (len == 0) { > *s = 0;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 263398
: 185901 |
185967
|
187080
|
187082