Diffstat (limited to 'security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c')
-rw-r--r--security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c b/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c
new file mode 100644
index 00000000000..726da519efe
--- /dev/null
+++ b/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-telnet_libtelnet_encrypt.c,v 1.1 2011/12/23 16:44:24 tez Exp $
+
+Fix for CVE-2011-4862 from FreeBSD
+
+When an encryption key is supplied via the TELNET protocol, its length
+is not validated before the key is copied into a fixed-size buffer.
+
+--- telnet/libtelnet/encrypt.c.orig 2011-12-23 10:14:18.191614600 -0600
++++ telnet/libtelnet/encrypt.c 2011-12-23 10:15:26.640275300 -0600
+@@ -757,6 +757,9 @@
+ int dir = kp->dir;
+ register int ret = 0;
+
++ if (len > MAXKEYLEN)
++ len = MAXKEYLEN;
++
+ if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ if (len == 0)
+ return;
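Review bot: The added clamp `if (len > MAXKEYLEN) len = MAXKEYLEN;` bounds only the upper side and silently truncates an over-long key id instead of refusing it. The declaration of `len` and the copy into the key buffer are both outside the hunk (the function starts before it and continues after it). If `len` turns out to be a signed `int` derived from the suboption length, a negative value would pass this check, so confirm that callers can never pass one or add `if (len < 0) return;` ahead of the clamp. Because truncation presumably leaves the peers disagreeing on the key id, a comment such as `/* CVE-2011-4862: keyid buffer holds MAXKEYLEN bytes; clamp peer-supplied length */` would record why the length is clamped rather than rejected. It is also worth confirming that the destination array is declared with exactly MAXKEYLEN bytes, which the hunk does not show.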