diff options
| author | cy <cy@FreeBSD.org> | 2008-03-20 03:26:53 +0800 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2008-03-20 03:26:53 +0800 |
| commit | d288d15fc8f6bd3f30e7099d7dd7b6ae19dc8d84 (patch) | |
| tree | 0f7a53c6e508d9931cdb566408222a9f536798b6 /security/krb5-appl/files | |
| parent | 247f8aa1fb557b74376a40e8c9c3507f0c34f366 (diff) | |
| download | freebsd-ports-gnome-d288d15fc8f6bd3f30e7099d7dd7b6ae19dc8d84.tar.gz freebsd-ports-gnome-d288d15fc8f6bd3f30e7099d7dd7b6ae19dc8d84.tar.zst freebsd-ports-gnome-d288d15fc8f6bd3f30e7099d7dd7b6ae19dc8d84.zip | |
Fixes for multiple vulnerabilities.
Security: US-CERT Technical Cyber Security Alert TA08-079B --
MIT Kerberos Updates for Multiple Vulnerabilities
US-CERT Vulnerability Note VU#895609,
US-CERT Vulnerability Note VU#374121
MIT krb5 Security Advisory 2008-001
MIT krb5 Security Advisory 2008-002
Diffstat (limited to 'security/krb5-appl/files')
| -rw-r--r-- | security/krb5-appl/files/patch-lib-rpc-svc.c | 24 | ||||
| -rw-r--r-- | security/krb5-appl/files/patch-lib-rpc-svc_tcp.c | 51 |
2 files changed, 75 insertions, 0 deletions
diff --git a/security/krb5-appl/files/patch-lib-rpc-svc.c b/security/krb5-appl/files/patch-lib-rpc-svc.c new file mode 100644 index 000000000000..395039040b04 --- /dev/null +++ b/security/krb5-appl/files/patch-lib-rpc-svc.c @@ -0,0 +1,24 @@ +=== lib/rpc/svc.c +================================================================== +--- lib/rpc/svc.c (revision 1666) ++++ lib/rpc/svc.c (local) +@@ -109,15 +109,17 @@ + if (sock < FD_SETSIZE) { + xports[sock] = xprt; + FD_SET(sock, &svc_fdset); ++ if (sock > svc_maxfd) ++ svc_maxfd = sock; + } + #else + if (sock < NOFILE) { + xports[sock] = xprt; + svc_fds |= (1 << sock); ++ if (sock > svc_maxfd) ++ svc_maxfd = sock; + } + #endif /* def FD_SETSIZE */ +- if (sock > svc_maxfd) +- svc_maxfd = sock; + } + + /* diff --git a/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c b/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c new file mode 100644 index 000000000000..9c51fafc62bf --- /dev/null +++ b/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c @@ -0,0 +1,51 @@ +=== lib/rpc/svc_tcp.c +================================================================== +--- lib/rpc/svc_tcp.c (revision 1666) ++++ lib/rpc/svc_tcp.c (local) +@@ -54,6 +54,14 @@ + extern errno; + */ + ++#ifndef FD_SETSIZE ++#ifdef NBBY ++#define NOFILE (sizeof(int) * NBBY) ++#else ++#define NOFILE (sizeof(int) * 8) ++#endif ++#endif ++ + /* + * Ops vector for TCP/IP based rpc service handle + */ +@@ -215,6 +223,19 @@ + register SVCXPRT *xprt; + register struct tcp_conn *cd; + ++#ifdef FD_SETSIZE ++ if (fd >= FD_SETSIZE) { ++ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); ++ xprt = NULL; ++ goto done; ++ } ++#else ++ if (fd >= NOFILE) { ++ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); ++ xprt = NULL; ++ goto done; ++ } ++#endif + xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); + if (xprt == (SVCXPRT *)NULL) { + (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); +@@ -271,6 +292,10 @@ + * make a new transporter (re-uses xprt) + */ + xprt = makefd_xprt(sock, r->sendsize, r->recvsize); ++ if (xprt == NULL) { ++ close(sock); ++ return (FALSE); ++ } + xprt->xp_raddr = addr; + xprt->xp_addrlen = len; + xprt->xp_laddr = laddr; + |