diff options
| author | nectar <nectar@FreeBSD.org> | 2001-07-20 05:43:42 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2001-07-20 05:43:42 +0800 |
| commit | b38805416244d5d5612e3a026ee93d0e8a8d14c3 (patch) | |
| tree | b680260fc2b32611a71b1cc917681e76c4fce7e4 /security/heimdal | |
| parent | 7c5bf114fcb7a2301c57ac64d50f8fe02b764aff (diff) | |
| download | freebsd-ports-graphics-b38805416244d5d5612e3a026ee93d0e8a8d14c3.tar.gz freebsd-ports-graphics-b38805416244d5d5612e3a026ee93d0e8a8d14c3.tar.zst freebsd-ports-graphics-b38805416244d5d5612e3a026ee93d0e8a8d14c3.zip | |
= Fix possible telnetd vulnerability in option processing.
Obtained from: heimdal-discuss@sics.se
= Fix bug in GSSAPI accept_sec_context() that prevented credential
forwarding from working in some cases.
Diffstat (limited to 'security/heimdal')
| -rw-r--r-- | security/heimdal/Makefile | 1 | ||||
| -rw-r--r-- | security/heimdal/files/patch-ad | 34 | ||||
| -rw-r--r-- | security/heimdal/files/patch-ae | 29 |
3 files changed, 64 insertions, 0 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 81579738954..6c61e7c3e53 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -7,6 +7,7 @@ PORTNAME= heimdal PORTVERSION= 0.4b +PORTREVISION= 1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \ diff --git a/security/heimdal/files/patch-ad b/security/heimdal/files/patch-ad new file mode 100644 index 00000000000..719c82896d4 --- /dev/null +++ b/security/heimdal/files/patch-ad @@ -0,0 +1,34 @@ +--- lib/gssapi/accept_sec_context.c.orig Mon Jul 16 22:28:38 2001 ++++ lib/gssapi/accept_sec_context.c Tue Jul 17 08:10:32 2001 +@@ -283,12 +283,27 @@ + + krb5_ccache ccache; + +- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL) ++ if (delegated_cred_handle == NULL) + /* XXX Create a new delegated_cred_handle? */ + kret = krb5_cc_default (gssapi_krb5_context, &ccache); +- +- else { +- if ((*delegated_cred_handle)->ccache == NULL) ++ else if (*delegated_cred_handle == NULL) { ++ if ((*delegated_cred_handle = ++ calloc(1, sizeof(**delegated_cred_handle))) == NULL) { ++ kret = ENOMEM; ++ krb5_set_error_string(gssapi_krb5_context, "out of memory"); ++ gssapi_krb5_set_error_string(); ++ goto failure; ++ } ++ if ((kret = gss_duplicate_name(minor_status, ticket->client, ++ &(*delegated_cred_handle)->principal)) != 0) { ++ flags &= ~GSS_C_DELEG_FLAG; ++ free(*delegated_cred_handle); ++ *delegated_cred_handle = NULL; ++ goto end_fwd; ++ } ++ } ++ if (delegated_cred_handle != NULL && ++ (*delegated_cred_handle)->ccache == NULL) { + kret = krb5_cc_gen_new (gssapi_krb5_context, + &krb5_mcc_ops, + &(*delegated_cred_handle)->ccache); diff --git a/security/heimdal/files/patch-ae b/security/heimdal/files/patch-ae new file mode 100644 index 00000000000..f4e1d38369c --- /dev/null +++ b/security/heimdal/files/patch-ae @@ -0,0 +1,29 @@ +--- appl/telnet/telnetd/global.c 1997/05/11 06:29:59 1.12 ++++ appl/telnet/telnetd/global.c 2001/07/19 16:00:42 1.13 +@@ -36,7 +36,7 @@ + + #include "telnetd.h" + +-RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $"); ++RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $"); + + /* + * Telnet server variable declarations +@@ -93,7 +93,7 @@ + output_data (const char *format, ...) + { + va_list args; +- size_t remaining, ret; ++ int remaining, ret; + + va_start(args, format); + remaining = BUFSIZ - (nfrontp - netobuf); +@@ -101,7 +101,7 @@ + remaining, + format, + args); +- nfrontp += ret; ++ nfrontp += min(ret, remaining-1); + va_end(args); + return ret; + } |