Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 187082 Details for
Bug 263398
<app-crypt/mit-krb5-1.6.3-r6 MITKRB5-SA-2009-001 Multiple vulnerabilities in SPNEGO, ASN.1 decoder (CVE-2009-{0844,0846,0847})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE patch to comment #10
CVE-2009-0846.patch (text/plain), 1.64 KB, created by
Michael Hammer (RETIRED)
on 2009-04-02 13:43:07 UTC
(
hide
)
Description:
CVE patch to comment #10
Filename:
MIME Type:
Creator:
Michael Hammer (RETIRED)
Created:
2009-04-02 13:43:07 UTC
Size:
1.64 KB
patch
obsolete
>diff --git a/src/lib/krb5/asn.1/asn1_decode.c >b/src/lib/krb5/asn.1/asn1_decode.c >index aa4be32..5f7461d 100644 >--- a/src/lib/krb5/asn.1/asn1_decode.c >+++ b/src/lib/krb5/asn.1/asn1_decode.c >@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) > > if(length != 15) return ASN1_BAD_LENGTH; > retval = asn1buf_remove_charstring(buf,15,&s); >+ if (retval) return retval; > /* Time encoding: YYYYMMDDhhmmssZ */ > if(s[14] != 'Z') { > free(s); >diff --git a/src/tests/asn.1/krb5_decode_test.c >b/src/tests/asn.1/krb5_decode_test.c >index 0ff9343..1c427d1 100644 >--- a/src/tests/asn.1/krb5_decode_test.c >+++ b/src/tests/asn.1/krb5_decode_test.c >@@ -485,5 +485,21 @@ int main(argc, argv) > ktest_destroy_keyblock(&(ref.subkey)); > ref.seq_number = 0; > decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); >+ >+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40"); >+ if (retval) { >+ com_err("krb5_decode_test", retval, "while parsing"); >+ exit(1); >+ } >+ retval = decode_krb5_ap_rep_enc_part(&code, &var); >+ if (retval != ASN1_OVERRUN) { >+ printf("ERROR: "); >+ } else { >+ printf("OK: "); >+ } >+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n"); >+ krb5_free_data_contents(test_context, &code); >+ krb5_free_ap_rep_enc_part(test_context, var); >+ > ktest_empty_ap_rep_enc_part(&ref); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=187082">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 263398
:
185901
|
185967
|
187080
| 187082
