Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.

Heads-up by: nectar
author: cy <cy@FreeBSD.org> 2004-09-01 23:01:20 +0800
committer: cy <cy@FreeBSD.org> 2004-09-01 23:01:20 +0800
commit: 38535277188cf586b7452d8818843741d91fbd9a (patch)
tree: dec0ead7227bbac5c9817a29f316fda5f7e5b0ca /security
parent: b1b4f8dcee155a17910f794f43fdda523d37c4a9 (diff)
download: freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.gz
freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.zst
freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.zip
8 files changed, 56 insertions, 0 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5-16/Makefile
+++ b/security/krb5-16/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.3.4
+PORTREVISION=		1
 CATEGORIES=		security
 # USE_TARBALL tells the port that the user has fetched the source
 # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5-16/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5-16/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5-16/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+        return ASN1_OVERRUN;
+    }
+    while (nestlevel > 0) {
++     if (buf->bound - buf->next + 1 <= 0)
++       return ASN1_OVERRUN;
+      retval = asn1_get_tag_2(buf, &t);
+      if (retval) return retval;
+      if (!t.indef) {
diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5-17/Makefile
+++ b/security/krb5-17/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.3.4
+PORTREVISION=		1
 CATEGORIES=		security
 # USE_TARBALL tells the port that the user has fetched the source
 # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5-17/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5-17/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5-17/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+        return ASN1_OVERRUN;
+    }
+    while (nestlevel > 0) {
++     if (buf->bound - buf->next + 1 <= 0)
++       return ASN1_OVERRUN;
+      retval = asn1_get_tag_2(buf, &t);
+      if (retval) return retval;
+      if (!t.indef) {
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.3.4
+PORTREVISION=		1
 CATEGORIES=		security
 # USE_TARBALL tells the port that the user has fetched the source
 # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5-appl/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+        return ASN1_OVERRUN;
+    }
+    while (nestlevel > 0) {
++     if (buf->bound - buf->next + 1 <= 0)
++       return ASN1_OVERRUN;
+      retval = asn1_get_tag_2(buf, &t);
+      if (retval) return retval;
+      if (!t.indef) {
diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.3.4
+PORTREVISION=		1
 CATEGORIES=		security
 # USE_TARBALL tells the port that the user has fetched the source
 # directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+        return ASN1_OVERRUN;
+    }
+    while (nestlevel > 0) {
++     if (buf->bound - buf->next + 1 <= 0)
++       return ASN1_OVERRUN;
+      retval = asn1_get_tag_2(buf, &t);
+      if (retval) return retval;
+      if (!t.indef) {
author	cy <cy@FreeBSD.org>	2004-09-01 23:01:20 +0800
committer	cy <cy@FreeBSD.org>	2004-09-01 23:01:20 +0800
commit	38535277188cf586b7452d8818843741d91fbd9a (patch)
tree	dec0ead7227bbac5c9817a29f316fda5f7e5b0ca /security
parent	b1b4f8dcee155a17910f794f43fdda523d37c4a9 (diff)
download	freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.gz freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.tar.zst freebsd-ports-gnome-38535277188cf586b7452d8818843741d91fbd9a.zip