3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
68 lines
2.6 KiB
Diff
68 lines
2.6 KiB
Diff
Index: crypto/heimdal/kadmin/version4.c
|
|
diff -c crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3 crypto/heimdal/kadmin/version4.c:1.1.1.1.2.4
|
|
*** crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3 Fri Sep 20 05:50:21 2002
|
|
--- crypto/heimdal/kadmin/version4.c Mon Oct 21 22:51:10 2002
|
|
***************
|
|
*** 822,827 ****
|
|
--- 822,834 ----
|
|
off += _krb5_get_int(msg + off, &rlen, 4);
|
|
memset(&authent, 0, sizeof(authent));
|
|
authent.length = message.length - rlen - KADM_VERSIZE - 4;
|
|
+
|
|
+ if(authent.length >= MAX_KTXT_LEN) {
|
|
+ krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
|
|
+ make_you_loose_packet (KADM_LENGTH_ERROR, reply);
|
|
+ return;
|
|
+ }
|
|
+
|
|
memcpy(authent.dat, (char*)msg + off, authent.length);
|
|
off += authent.length;
|
|
|
|
Index: crypto/kerberosIV/kadmin/kadm_ser_wrap.c
|
|
diff -c crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3 crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3.12.1
|
|
*** crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3 Sun Jan 9 02:27:52 2000
|
|
--- crypto/kerberosIV/kadmin/kadm_ser_wrap.c Wed Oct 23 08:21:32 2002
|
|
***************
|
|
*** 117,132 ****
|
|
u_char *retdat, *tmpdat;
|
|
int retval, retlen;
|
|
|
|
! if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
|
|
errpkt(errdat, dat, dat_len, KADM_BAD_VER);
|
|
return KADM_BAD_VER;
|
|
}
|
|
in_len = KADM_VERSIZE;
|
|
/* get the length */
|
|
! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
|
|
return KADM_LENGTH_ERROR;
|
|
in_len += retc;
|
|
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
|
|
memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
|
|
authent.mbz = 0;
|
|
/* service key should be set before here */
|
|
--- 117,141 ----
|
|
u_char *retdat, *tmpdat;
|
|
int retval, retlen;
|
|
|
|
! if (*dat_len < (KADM_VERSIZE + sizeof(u_int32_t))
|
|
! || strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE) != 0) {
|
|
errpkt(errdat, dat, dat_len, KADM_BAD_VER);
|
|
return KADM_BAD_VER;
|
|
}
|
|
in_len = KADM_VERSIZE;
|
|
/* get the length */
|
|
! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ||
|
|
! (r_len > *dat_len - KADM_VERSIZE - sizeof(u_int32_t))) {
|
|
! errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
|
|
return KADM_LENGTH_ERROR;
|
|
+ }
|
|
+
|
|
in_len += retc;
|
|
authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
|
|
+ if (authent.length > MAX_KTXT_LEN) {
|
|
+ errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
|
|
+ return KADM_LENGTH_ERROR;
|
|
+ }
|
|
memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
|
|
authent.mbz = 0;
|
|
/* service key should be set before here */
|