author | cy <cy@FreeBSD.org> | 2007-04-04 09:40:12 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2007-04-04 09:40:12 +0800 |
commit | 31b02eced10109ef62b25d1c2be9db9d11b4b38a (patch) | |
tree | 72a436d60722a36586add3fb89e17bee653cfa12 /security/krb5-appl | |
parent | 3b84662271830036209d8946b9d1f841b0dec7ca (diff) | |
Fix double-free vulnerability in kadmind (via GSS-API library).
Obtained from: MIT krb5 Security Advisory 2007-003
Security: US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
Diffstat (limited to 'security/krb5-appl')
-rw-r--r-- | security/krb5-appl/Makefile | 1 | ||||
-rw-r--r-- | security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index 812bd17279c0..84dc9056535e 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME= krb5
 PORTVERSION= 1.6
+PORTREVISION= 1
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 DISTNAME= ${PORTNAME}-${PORTVERSION}-signed
diff --git a/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c b/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c
new file mode 100644
index 000000000000..38ae5df836f9
--- /dev/null
+++ b/security/krb5-appl/files/patch-lib-gssapi-krb5-k5unseal.c
@@ -0,0 +1,15 @@
+--- lib/gssapi/krb5/k5unseal.c.orig Tue May 9 04:31:02 2006
++++ lib/gssapi/krb5/k5unseal.c Tue Apr 3 18:28:48 2007
+@@ -457,8 +457,11 @@
+
+ if ((ctx->initiate && direction != 0xff) ||
+ (!ctx->initiate && direction != 0)) {
+- if (toktype == KG_TOK_SEAL_MSG)
++ if (toktype == KG_TOK_SEAL_MSG) {
+ xfree(token.value);
++ message_buffer->value = NULL;
++ message_buffer->length = 0;
++ }
+ *minor_status = G_BAD_DIRECTION;
+ return(GSS_S_BAD_SIG);
+ } |
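Review bot: The two added resets of `message_buffer->value` and `message_buffer->length` in the bad-direction branch of k5unseal.c carry no comment explaining why they are needed. The reason is not visible in the hunk: the assignment that makes `message_buffer` share `token.value` is presumably earlier in the function, outside the lines shown. I would add `/* message_buffer aliases token.value here; clear it so the caller's release does not free it a second time */` above the two new lines. The enclosing function starts and ends outside the hunk, so any other return path that frees `token.value` after that assignment cannot be checked from here and should be audited for the same stale-pointer pattern.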