989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
68 lines
2.6 KiB
Diff
68 lines
2.6 KiB
Diff
Index: crypto/heimdal/kadmin/version4.c
|
|
diff -c crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3 crypto/heimdal/kadmin/version4.c:1.1.1.1.2.4
|
|
*** crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3 Fri Sep 20 05:50:21 2002
|
|
--- crypto/heimdal/kadmin/version4.c Mon Oct 21 22:51:10 2002
|
|
***************
|
|
*** 822,827 ****
|
|
--- 822,834 ----
|
|
off += _krb5_get_int(msg + off, &rlen, 4);
|
|
memset(&authent, 0, sizeof(authent));
|
|
authent.length = message.length - rlen - KADM_VERSIZE - 4;
|
|
+
|
|
+ if(authent.length >= MAX_KTXT_LEN) {
|
|
+ krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
|
|
+ make_you_loose_packet (KADM_LENGTH_ERROR, reply);
|
|
+ return;
|
|
+ }
|
|
+
|
|
memcpy(authent.dat, (char*)msg + off, authent.length);
|
|
off += authent.length;
|
|
|
|
Index: crypto/kerberosIV/kadmin/kadm_ser_wrap.c
|
|
diff -c crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3 crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3.12.1
|
|
*** crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3 Sun Jan 9 02:27:52 2000
|
|
--- crypto/kerberosIV/kadmin/kadm_ser_wrap.c Wed Oct 23 08:21:32 2002
|
|
***************
|
|
*** 117,132 ****
|
|
u_char *retdat, *tmpdat;
|
|
int retval, retlen;
|
|
|
|
! if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
|
|
errpkt(errdat, dat, dat_len, KADM_BAD_VER);
|
|
return KADM_BAD_VER;
|
|
}
|
|
in_len = KADM_VERSIZE;
|
|
/* get the length */
|
|
! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
|
|
return KADM_LENGTH_ERROR;
|
|
in_len += retc;
|
|
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
|
|
memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
|
|
authent.mbz = 0;
|
|
/* service key should be set before here */
|
|
--- 117,141 ----
|
|
u_char *retdat, *tmpdat;
|
|
int retval, retlen;
|
|
|
|
! if (*dat_len < (KADM_VERSIZE + sizeof(u_int32_t))
|
|
! || strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE) != 0) {
|
|
errpkt(errdat, dat, dat_len, KADM_BAD_VER);
|
|
return KADM_BAD_VER;
|
|
}
|
|
in_len = KADM_VERSIZE;
|
|
/* get the length */
|
|
! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ||
|
|
! (r_len > *dat_len - KADM_VERSIZE - sizeof(u_int32_t))) {
|
|
! errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
|
|
return KADM_LENGTH_ERROR;
|
|
+ }
|
|
+
|
|
in_len += retc;
|
|
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
|
|
+ if (authent.length > MAX_KTXT_LEN) {
|
|
+ errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
|
|
+ return KADM_LENGTH_ERROR;
|
|
+ }
|
|
memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
|
|
authent.mbz = 0;
|
|
/* service key should be set before here */
|