Diffstat (limited to 'security/mit-krb5/patches/patch-CVE-2014-4344')
-rw-r--r--security/mit-krb5/patches/patch-CVE-2014-434416
1 files changed, 16 insertions, 0 deletions
diff --git a/security/mit-krb5/patches/patch-CVE-2014-4344 b/security/mit-krb5/patches/patch-CVE-2014-4344
new file mode 100644
index 00000000000..a2066f88089
--- /dev/null
+++ b/security/mit-krb5/patches/patch-CVE-2014-4344
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2014-4344,v 1.1 2014/08/28 22:23:05 tez Exp $
+
+fix for CVE-2014-4344 from:
+https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc
+
+--- lib/gssapi/spnego/spnego_mech.c
++++ lib/gssapi/spnego/spnego_mech.c
+@@ -1442,7 +1442,7 @@ acc_ctx_cont(OM_uint32 *minstat,
+
+ ptr = bufstart = buf->value;
+ #define REMAIN (buf->length - (ptr - bufstart))
+- if (REMAIN > INT_MAX)
++ if (REMAIN == 0 || REMAIN > INT_MAX)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ /*
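Review bot: The comment header of the new patch file names the CVE and the upstream commit but not the defect, so a maintainer cannot tell what the added `REMAIN == 0` test in acc_ctx_cont guards against without following the link. I would add one line to the header, for example `Reject an empty SPNEGO continuation token in the acceptor before it is parsed.` The code after the check is outside the hunk, but it presumably reads through `ptr`, which may be NULL for a zero-length buffer. That should be confirmed against the upstream commit message and stated in the header. acc_ctx_cont starts and ends outside the inner hunk, so whether any other path reaches the parser with an empty buffer cannot be judged from these lines.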