aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAssar Westerlund <assar@FreeBSD.org>2002-10-23 13:21:32 +0000
committerAssar Westerlund <assar@FreeBSD.org>2002-10-23 13:21:32 +0000
commit61f355676652b1aae2e1cf04acf518958af498dc (patch)
treed09ed91d28b80da769d97203f83f714e2291361f
parentf0c33b01eaf55813746950ac5b9d587eb5e60b01 (diff)
downloadsrc-61f355676652b1aae2e1cf04acf518958af498dc.tar.gz
src-61f355676652b1aae2e1cf04acf518958af498dc.zip
MFC kadm_ser_wrap.c:1.1.1.4: fix buffer overflow
MFC updating kerberosIV and kerberos5 versions consistenly Approved by: security-officer Obtained from: kth-krb CVS
Notes
Notes: svn path=/releng/4.6/; revision=105794
-rw-r--r--crypto/kerberosIV/kadmin/kadm_ser_wrap.c13
-rw-r--r--kerberos5/include/version.h8
-rw-r--r--kerberosIV/include/version.h8
3 files changed, 19 insertions, 10 deletions
diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
index 196a89c8fe11..29f142c63661 100644
--- a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
+++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
@@ -117,16 +117,25 @@ kadm_ser_in(u_char **dat, int *dat_len, u_char *errdat)
u_char *retdat, *tmpdat;
int retval, retlen;
- if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+ if (*dat_len < (KADM_VERSIZE + sizeof(u_int32_t))
+ || strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE) != 0) {
errpkt(errdat, dat, dat_len, KADM_BAD_VER);
return KADM_BAD_VER;
}
in_len = KADM_VERSIZE;
/* get the length */
- if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ||
+ (r_len > *dat_len - KADM_VERSIZE - sizeof(u_int32_t))) {
+ errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
return KADM_LENGTH_ERROR;
+ }
+
in_len += retc;
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
+ if (authent.length > MAX_KTXT_LEN) {
+ errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
+ return KADM_LENGTH_ERROR;
+ }
memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
authent.mbz = 0;
/* service key should be set before here */
diff --git a/kerberos5/include/version.h b/kerberos5/include/version.h
index b0823d755102..a2a51044ac91 100644
--- a/kerberos5/include/version.h
+++ b/kerberos5/include/version.h
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-const char *krb4_long_version = "@(#)$Version: krb4-1.0.5 (FreeBSD) $";
-const char *krb4_version = "krb4-1.0.5";
-const char *heimdal_long_version = "@(#)$Version: heimdal-0.4e (FreeBSD) $";
-const char *heimdal_version = "heimdal-0.4e";
+const char *krb4_long_version = "@(#)$Version: krb4-1.0.5fb1 (FreeBSD) $";
+const char *krb4_version = "krb4-1.0.5fb1";
+const char *heimdal_long_version = "@(#)$Version: Heimdal 0.4e fb1 (FreeBSD) $";
+const char *heimdal_version = "Heimdal 0.4e fb1";
diff --git a/kerberosIV/include/version.h b/kerberosIV/include/version.h
index b204605c6663..ed044da6d7cc 100644
--- a/kerberosIV/include/version.h
+++ b/kerberosIV/include/version.h
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-char *krb4_long_version = "@(#)$Version: krb4-1.0 by root on greenpeace.grondar.za (i386-unknown-freebsd4.0) Sat Jan 8 19:34:57 SAST 2000 $";
-char *krb4_version = "krb4-1.0";
-char *heimdal_long_version = "@(#)$Version: heimdal-0.1l by root on greenpeace.grondar.za (i386-unknown-freebsd4.0) Sat Jan 8 20:56:02 SAST 2000 $";
-char *heimdal_version = "heimdal-0.1l";
+char *krb4_long_version = "@(#)$Version: krb4-1.0.5fb1 (FreeBSD) $";
+char *krb4_version = "krb4-1.0.5fb1";
+char *heimdal_long_version = "@(#)$Version: Heimdal 0.4e fb1 (FreeBSD) $";
+char *heimdal_version = "Heimdal 0.4e fb1";