aboutsummaryrefslogtreecommitdiffstats
path: root/security/krb5-appl
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2004-09-01 23:01:20 +0800
committercy <cy@FreeBSD.org>2004-09-01 23:01:20 +0800
commit38535277188cf586b7452d8818843741d91fbd9a (patch)
treedec0ead7227bbac5c9817a29f316fda5f7e5b0ca /security/krb5-appl
parentb1b4f8dcee155a17910f794f43fdda523d37c4a9 (diff)
downloadfreebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.gz
freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.zst
freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.zip
Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.
Heads-up by: nectar
Diffstat (limited to 'security/krb5-appl')
-rw-r--r--security/krb5-appl/Makefile1
-rw-r--r--security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c13
2 files changed, 14 insertions, 0 deletions
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -7,6 +7,7 @@
PORTNAME= krb5
PORTVERSION= 1.3.4
+PORTREVISION= 1
CATEGORIES= security
# USE_TARBALL tells the port that the user has fetched the source
# directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24
+--- lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+ return ASN1_OVERRUN;
+ }
+ while (nestlevel > 0) {
++ if (buf->bound - buf->next + 1 <= 0)
++ return ASN1_OVERRUN;
+ retval = asn1_get_tag_2(buf, &t);
+ if (retval) return retval;
+ if (!t.indef) {