aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2004-05-05 20:17:51 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-05-05 20:17:51 +0000
commit85a13d0cdab4d814890951b8d15b5ad9a709b19a (patch)
tree35c071b56a27d922a00d64de6688c68621aae891
parent18bab81cc1b09b9d60a0d1dae0da4cf13421dada (diff)
downloadsrc-85a13d0cdab4d814890951b8d15b5ad9a709b19a.tar.gz
src-85a13d0cdab4d814890951b8d15b5ad9a709b19a.zip
Correct a heap buffer overflow in k5admind(8) when built with Kerberos
IV support. Obtained from: Heimdal CVS Approved by: so
Notes
Notes: svn path=/releng/4.9/; revision=128982
-rw-r--r--UPDATING3
-rw-r--r--crypto/heimdal/kadmin/version4.c2
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 6 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index 460745737383..cf2af5894d0b 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20040505: p7 FreeBSD-SA-04:09.kadmind
+ Correct a heap buffer overflow in k5admind's Kerberos IV support.
+
20040505: p6 FreeBSD-SA-04:08.heimdal
Correctly validate the transited field in Kerberos tickets.
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
index 466ec3a4f852..a61ef314d01f 100644
--- a/crypto/heimdal/kadmin/version4.c
+++ b/crypto/heimdal/kadmin/version4.c
@@ -964,6 +964,8 @@ handle_v4(krb5_context context,
if(term_flag)
exit(0);
if(first) {
+ if (len < 2)
+ krb5_errx(context, 1, "received too short len (%d < 2)", len);
/* first time around, we have already read len, and two
bytes of the version string */
krb5_data_alloc(&message, len);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 8d6bdd1a7a69..0573fb0f7ba1 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p6"
+BRANCH="RELEASE-p7"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"