diff options
author | cy <cy@FreeBSD.org> | 2004-09-01 23:01:20 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2004-09-01 23:01:20 +0800 |
commit | 38535277188cf586b7452d8818843741d91fbd9a (patch) | |
tree | dec0ead7227bbac5c9817a29f316fda5f7e5b0ca /security/krb5-appl | |
parent | b1b4f8dcee155a17910f794f43fdda523d37c4a9 (diff) | |
download | freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.gz freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.zst freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.zip |
Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.
Heads-up by: nectar
Diffstat (limited to 'security/krb5-appl')
-rw-r--r-- | security/krb5-appl/Makefile | 1 | ||||
-rw-r--r-- | security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile index 9c3dd3045662..0e590c1b344a 100644 --- a/security/krb5-appl/Makefile +++ b/security/krb5-appl/Makefile @@ -7,6 +7,7 @@ PORTNAME= krb5 PORTVERSION= 1.3.4 +PORTREVISION= 1 CATEGORIES= security # USE_TARBALL tells the port that the user has fetched the source # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH). diff --git a/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c new file mode 100644 index 000000000000..6d3da983adc3 --- /dev/null +++ b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c @@ -0,0 +1,13 @@ +*** lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24 +--- lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000 +*************** +*** 122,127 **** +--- 122,129 ---- + return ASN1_OVERRUN; + } + while (nestlevel > 0) { ++ if (buf->bound - buf->next + 1 <= 0) ++ return ASN1_OVERRUN; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; + if (!t.indef) { |