diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/mit-krb5/Makefile | 3 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-al | 96 |
3 files changed, 100 insertions, 2 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 226daf9b79b..86b953e1634 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.17 2005/04/10 07:15:24 jlam Exp $ +# $NetBSD: Makefile,v 1.18 2005/04/10 07:46:50 jlam Exp $ DISTNAME= krb5-1.4 PKGNAME= mit-${DISTNAME:S/-signed$//} +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/ DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 87c0d5c9fd4..3ad292b8daf 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.9 2005/04/10 07:15:24 jlam Exp $ +$NetBSD: distinfo,v 1.10 2005/04/10 07:46:50 jlam Exp $ SHA1 (krb5-1.4-signed.tar) = fa354aaaeb5ac5039653ebd249b1e3f9273a7a29 RMD160 (krb5-1.4-signed.tar) = 0231e55c56f3d6d20aee3ca1bcb77b0eeaeabaae @@ -13,3 +13,4 @@ SHA1 (patch-ag) = 52a794b5fa0d1573bb2c9e7c4d233212d767d0e0 SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675 SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218 +SHA1 (patch-al) = dbfae9ee81ba7b0367bc874fe60d1c256f8c5cf1 diff --git a/security/mit-krb5/patches/patch-al b/security/mit-krb5/patches/patch-al new file mode 100644 index 00000000000..ed9e1ca7a72 --- /dev/null +++ b/security/mit-krb5/patches/patch-al @@ -0,0 +1,96 @@ +$NetBSD: patch-al,v 1.1 2005/04/10 07:46:50 jlam Exp $ + +Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt +which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating +to buffer overflows in the telnet client. + +*** appl/telnet/telnet/telnet.c 15 Nov 2002 20:21:35 -0000 5.18 +--- appl/telnet/telnet/telnet.c 15 Mar 2005 18:59:32 -0000 +*************** +*** 1475,1480 **** +--- 1475,1482 ---- + unsigned char flags; + cc_t value; + { ++ if ((slc_replyp - slc_reply) + 6 > sizeof(slc_reply)) ++ return; + if ((*slc_replyp++ = func) == IAC) + *slc_replyp++ = IAC; + if ((*slc_replyp++ = flags) == IAC) +*************** +*** 1488,1498 **** + { + register int len; + +- *slc_replyp++ = IAC; +- *slc_replyp++ = SE; + len = slc_replyp - slc_reply; +! if (len <= 6) + return; + if (NETROOM() > len) { + ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); + printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); +--- 1490,1501 ---- + { + register int len; + + len = slc_replyp - slc_reply; +! if (len <= 4 || (len + 2 > sizeof(slc_reply))) + return; ++ *slc_replyp++ = IAC; ++ *slc_replyp++ = SE; ++ len += 2; + if (NETROOM() > len) { + ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); + printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); +*************** +*** 1645,1650 **** +--- 1648,1654 ---- + register unsigned char *ep; + { + register unsigned char *vp, c; ++ unsigned int len, olen, elen; + + if (opt_reply == NULL) /*XXX*/ + return; /*XXX*/ +*************** +*** 1662,1680 **** + return; + } + vp = env_getvalue(ep); +! if (opt_replyp + (vp ? strlen((char *)vp) : 0) + +! strlen((char *)ep) + 6 > opt_replyend) + { +! register unsigned int len; +! opt_replyend += OPT_REPLY_SIZE; +! len = opt_replyend - opt_reply; + opt_reply = (unsigned char *)realloc(opt_reply, len); + if (opt_reply == NULL) { + /*@*/ printf("env_opt_add: realloc() failed!!!\n"); + opt_reply = opt_replyp = opt_replyend = NULL; + return; + } +! opt_replyp = opt_reply + len - (opt_replyend - opt_replyp); + opt_replyend = opt_reply + len; + } + if (opt_welldefined((char *) ep)) +--- 1666,1684 ---- + return; + } + vp = env_getvalue(ep); +! elen = 2 * (vp ? strlen((char *)vp) : 0) + +! 2 * strlen((char *)ep) + 6; +! if ((opt_replyend - opt_replyp) < elen) + { +! len = opt_replyend - opt_reply + elen; +! olen = opt_replyp - opt_reply; + opt_reply = (unsigned char *)realloc(opt_reply, len); + if (opt_reply == NULL) { + /*@*/ printf("env_opt_add: realloc() failed!!!\n"); + opt_reply = opt_replyp = opt_replyend = NULL; + return; + } +! opt_replyp = opt_reply + olen; + opt_replyend = opt_reply + len; + } + if (opt_welldefined((char *) ep)) |