aboutsummaryrefslogtreecommitdiffstats
path: root/security/krb5-appl
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2007-04-04 09:40:12 +0800
committercy <cy@FreeBSD.org>2007-04-04 09:40:12 +0800
commit31b02eced10109ef62b25d1c2be9db9d11b4b38a (patch)
tree72a436d60722a36586add3fb89e17bee653cfa12 /security/krb5-appl
parent3b84662271830036209d8946b9d1f841b0dec7ca (diff)
downloadfreebsd-ports-gnome-31b02eced10109ef62b25d1c2be9db9d11b4b38a.tar.gz
freebsd-ports-gnome-31b02eced10109ef62b25d1c2be9db9d11b4b38a.tar.zst
freebsd-ports-gnome-31b02eced10109ef62b25d1c2be9db9d11b4b38a.zip
Fix double-free vulnerability in kadmind (via GSS-API library).
Obtained from: MIT krb5 Security Advisory 2007-003 Security: US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
Diffstat (limited to 'security/krb5-appl')
-rw-r--r--security/krb5-appl/Makefile1
-rw-r--r--security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c15
2 files changed, 16 insertions, 0 deletions
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index 812bd17279c0..84dc9056535e 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -7,6 +7,7 @@
PORTNAME= krb5
PORTVERSION= 1.6
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
diff --git a/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c b/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c
new file mode 100644
index 000000000000..38ae5df836f9
--- /dev/null
+++ b/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c
@@ -0,0 +1,15 @@
+--- lib/gssapi/krb5/k5unseal.c.orig Tue May 9 04:31:02 2006
++++ lib/gssapi/krb5/k5unseal.c Tue Apr 3 18:28:48 2007
+@@ -457,8 +457,11 @@
+
+ if ((ctx->initiate && direction != 0xff) ||
+ (!ctx->initiate && direction != 0)) {
+- if (toktype == KG_TOK_SEAL_MSG)
++ if (toktype == KG_TOK_SEAL_MSG) {
+ xfree(token.value);
++ message_buffer->value = NULL;
++ message_buffer->length = 0;
++ }
+ *minor_status = G_BAD_DIRECTION;
+ return(GSS_S_BAD_SIG);
+ }