diff options
| author | tez <tez> | 2011-12-30 18:59:05 +0000 |
|---|---|---|
| committer | tez <tez> | 2011-12-30 18:59:05 +0000 |
| commit | 0883df2e0810576857e26858174ccc01c6915d06 (patch) | |
| tree | 1fde353df30ed837e2dc1d9470a4a92ddeb9196d /security | |
| parent | eb9c1f7bdc6095c616a1857dfa3c95e94ad63ce4 (diff) | |
| download | pkgsrc-0883df2e0810576857e26858174ccc01c6915d06.tar.gz | |
Fix for CVE-2011-4862 from FreeBSD
When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.
Diffstat (limited to 'security')
| -rw-r--r-- | security/heimdal/Makefile | 4 | ||||
| -rw-r--r-- | security/heimdal/distinfo | 3 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 4db12c04b52..63a29b66af7 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.83 2011/12/09 01:53:11 sbd Exp $ +# $NetBSD: Makefile,v 1.84 2011/12/30 18:59:05 tez Exp $ DISTNAME= heimdal-1.4 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.h5l.org/dist/src/ diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo index fca332e9f8b..b777a285ec2 100644 --- a/security/heimdal/distinfo +++ b/security/heimdal/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.32 2011/09/15 13:01:14 hans Exp $ +$NetBSD: distinfo,v 1.33 2011/12/30 18:59:05 tez Exp $ SHA1 (heimdal-1.4.tar.gz) = b4c876df3637a11deea72f87a6e54f6caf501679 RMD160 (heimdal-1.4.tar.gz) = 055288f1ab37781f1533299bdff9b0d1e264d470 Size (heimdal-1.4.tar.gz) = 6095377 bytes SHA1 (patch-ad) = 37c2a7cdc4dba695a84057b40aae3c5a971cb546 SHA1 (patch-al) = 022d5f3723bd1db7fe5e92eea5d0106851a5d424 +SHA1 (patch-appl_telnet_libtelnet_encrypt.c) = b8cd432dee8758b8c5790c6fe214f11397446cd8 SHA1 (patch-ar) = 0a3e7bbd3cb04deb0f6772afd9a6b6b5353463d3 SHA1 (patch-kdc_version-script.map) = 42b0417a16b19a680f30ae34cfffd082f609d4a6 SHA1 (patch-lib_hcrypto_libtommath_tommath.h) = 60f223bb23145854f2a144da9e0a9484728b618a diff --git a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c b/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c new file mode 100644 index 00000000000..c63a37e8c68 --- /dev/null +++ b/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c @@ -0,0 +1,19 @@ +$NetBSD: patch-appl_telnet_libtelnet_encrypt.c,v 1.1 2011/12/30 18:59:06 tez Exp $ + +Fix for CVE-2011-4862 from FreeBSD + +When an encryption key is supplied via the TELNET protocol, its length +is not validated before the key is copied into a fixed-size buffer. + +--- appl/telnet/libtelnet/encrypt.c.orig 2011-12-30 11:55:11.373531000 -0600 ++++ appl/telnet/libtelnet/encrypt.c 2011-12-30 11:56:35.109601000 -0600 +@@ -736,6 +736,9 @@ + int dir = kp->dir; + int ret = 0; + ++ if (len > MAXKEYLEN) ++ len = MAXKEYLEN; ++ + if (!(ep = (*kp->getcrypt)(*kp->modep))) { + if (len == 0) + return; |