Gentoo's Bugzilla – Attachment 130116 Details for Bug 191301: app-crypt/mit-krb5 < 1.5.3-r1 multiple vulnerabilities (CVE-2007-3999, CVE-2007-4000)
[patch] Revised patch.
2007-006-patch.txt (text/plain), 1.52 KB, created by Heath Caldwell (RETIRED) on 2007-09-05 21:00:59 UTC
>*** src/lib/kadm5/srv/svr_policy.c (revision 20254) >--- src/lib/kadm5/srv/svr_policy.c (local) >*************** >*** 211,218 **** > if((mask & KADM5_POLICY)) > return KADM5_BAD_MASK; > >! ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt); >! if( ret && (cnt==0) ) > return KADM5_UNK_POLICY; > > if ((mask & KADM5_PW_MAX_LIFE)) >--- 211,219 ---- > if((mask & KADM5_POLICY)) > return KADM5_BAD_MASK; > >! if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt))) >! return ret; >! if (cnt != 1) > return KADM5_UNK_POLICY; > > if ((mask & KADM5_PW_MAX_LIFE)) >*** src/lib/rpc/svc_auth_gss.c (revision 20474) >--- src/lib/rpc/svc_auth_gss.c (local) >*************** >*** 355,360 **** >--- 355,369 ---- > memset(rpchdr, 0, sizeof(rpchdr)); > > /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */ >+ oa = &msg->rm_call.cb_cred; >+ if (oa->oa_length > MAX_AUTH_BYTES) >+ return (FALSE); >+ >+ /* 8 XDR units from the IXDR macro calls. */ >+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT + >+ RNDUP(oa->oa_length))) >+ return (FALSE); >+ > buf = (int32_t *)(void *)rpchdr; > IXDR_PUT_LONG(buf, msg->rm_xid); > IXDR_PUT_ENUM(buf, msg->rm_direction); >*************** >*** 362,368 **** > IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); > IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); > IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); >- oa = &msg->rm_call.cb_cred; > IXDR_PUT_ENUM(buf, oa->oa_flavor); > IXDR_PUT_LONG(buf, oa->oa_length); > if (oa->oa_length) { >--- 371,376 ----
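Review bot: In the svr_policy.c hunk at 211, the new `return ret;` hands the raw return value of krb5_db_get_policy() back to the caller, where the old code only ever returned KADM5_UNK_POLICY from this spot, so callers that test for that specific code on a failed lookup will now see a different value. If that is intended, say so in the commit description. The switch from `ret && (cnt==0)` to `cnt != 1` also closes the case where the lookup returns success with cnt == 0 and execution continues into the mask checks that follow; a one-line comment stating that exactly one policy entry is required would keep a later cleanup from loosening it again.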
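Review bot: In the svc_auth_gss.c hunk at 355, the literal 8 in `8 * BYTES_PER_XDR_UNIT + RNDUP(oa->oa_length)` is linked to the IXDR_PUT_* sequence only by the comment above it, so adding or removing a header field later leaves the bound stale with no compiler complaint. Consider a named constant defined beside the IXDR calls, or check the space remaining in rpchdr against `buf` immediately before the credential bytes are copied. The `oa->oa_length > MAX_AUTH_BYTES` test bounds the length before it is passed to RNDUP in the size check, so the two checks depend on staying in this order; a short comment noting that would help. Both rejections also return FALSE with nothing logged, which makes an oversized credential indistinguishable from any other failure when reviewing server logs.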