pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/mit-krb5 Patch from http://web.mit.edu/kerber...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/476337e64e38
branches:  trunk
changeset: 492341:476337e64e38
user:      jlam <jlam%pkgsrc.org@localhost>
date:      Sun Apr 10 07:46:50 2005 +0000

description:
Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating
to buffer overflows in the telnet client.  Bump PKGREVISION to 1.

diffstat:

 security/mit-krb5/Makefile         |   3 +-
 security/mit-krb5/distinfo         |   3 +-
 security/mit-krb5/patches/patch-al |  96 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 2 deletions(-)

diffs (127 lines):

diff -r 2c93497b2d21 -r 476337e64e38 security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile        Sun Apr 10 07:45:31 2005 +0000
+++ b/security/mit-krb5/Makefile        Sun Apr 10 07:46:50 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2005/04/10 07:15:24 jlam Exp $
+# $NetBSD: Makefile,v 1.18 2005/04/10 07:46:50 jlam Exp $
 
 DISTNAME=      krb5-1.4
 PKGNAME=       mit-${DISTNAME:S/-signed$//}
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=     ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r 2c93497b2d21 -r 476337e64e38 security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo        Sun Apr 10 07:45:31 2005 +0000
+++ b/security/mit-krb5/distinfo        Sun Apr 10 07:46:50 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/04/10 07:15:24 jlam Exp $
+$NetBSD: distinfo,v 1.10 2005/04/10 07:46:50 jlam Exp $
 
 SHA1 (krb5-1.4-signed.tar) = fa354aaaeb5ac5039653ebd249b1e3f9273a7a29
 RMD160 (krb5-1.4-signed.tar) = 0231e55c56f3d6d20aee3ca1bcb77b0eeaeabaae
@@ -13,3 +13,4 @@
 SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
 SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
 SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
+SHA1 (patch-al) = dbfae9ee81ba7b0367bc874fe60d1c256f8c5cf1
diff -r 2c93497b2d21 -r 476337e64e38 security/mit-krb5/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-al        Sun Apr 10 07:46:50 2005 +0000
@@ -0,0 +1,96 @@
+$NetBSD: patch-al,v 1.1 2005/04/10 07:46:50 jlam Exp $
+
+Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
+which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating
+to buffer overflows in the telnet client.
+
+*** appl/telnet/telnet/telnet.c        15 Nov 2002 20:21:35 -0000      5.18
+--- appl/telnet/telnet/telnet.c        15 Mar 2005 18:59:32 -0000
+***************
+*** 1475,1480 ****
+--- 1475,1482 ----
+       unsigned char flags;
+       cc_t value;
+  {
++      if ((slc_replyp - slc_reply) + 6 > sizeof(slc_reply))
++              return;
+       if ((*slc_replyp++ = func) == IAC)
+               *slc_replyp++ = IAC;
+       if ((*slc_replyp++ = flags) == IAC)
+***************
+*** 1488,1498 ****
+  {
+      register int len;
+  
+-     *slc_replyp++ = IAC;
+-     *slc_replyp++ = SE;
+      len = slc_replyp - slc_reply;
+!     if (len <= 6)
+       return;
+      if (NETROOM() > len) {
+       ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+       printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+--- 1490,1501 ----
+  {
+      register int len;
+  
+      len = slc_replyp - slc_reply;
+!     if (len <= 4 || (len + 2 > sizeof(slc_reply)))
+       return;
++     *slc_replyp++ = IAC;
++     *slc_replyp++ = SE;
++     len += 2;
+      if (NETROOM() > len) {
+       ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+       printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+***************
+*** 1645,1650 ****
+--- 1648,1654 ----
+       register unsigned char *ep;
+  {
+       register unsigned char *vp, c;
++      unsigned int len, olen, elen;
+  
+       if (opt_reply == NULL)          /*XXX*/
+               return;                 /*XXX*/
+***************
+*** 1662,1680 ****
+               return;
+       }
+       vp = env_getvalue(ep);
+!      if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+!                              strlen((char *)ep) + 6 > opt_replyend)
+       {
+!              register unsigned int len;
+!              opt_replyend += OPT_REPLY_SIZE;
+!              len = opt_replyend - opt_reply;
+               opt_reply = (unsigned char *)realloc(opt_reply, len);
+               if (opt_reply == NULL) {
+  /*@*/                        printf("env_opt_add: realloc() failed!!!\n");
+                       opt_reply = opt_replyp = opt_replyend = NULL;
+                       return;
+               }
+!              opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
+               opt_replyend = opt_reply + len;
+       }
+       if (opt_welldefined((char *) ep))
+--- 1666,1684 ----
+               return;
+       }
+       vp = env_getvalue(ep);
+!      elen = 2 * (vp ? strlen((char *)vp) : 0) +
+!              2 * strlen((char *)ep) + 6;
+!      if ((opt_replyend - opt_replyp) < elen)
+       {
+!              len = opt_replyend - opt_reply + elen;
+!              olen = opt_replyp - opt_reply;
+               opt_reply = (unsigned char *)realloc(opt_reply, len);
+               if (opt_reply == NULL) {
+  /*@*/                        printf("env_opt_add: realloc() failed!!!\n");
+                       opt_reply = opt_replyp = opt_replyend = NULL;
+                       return;
+               }
+!              opt_replyp = opt_reply + olen;
+               opt_replyend = opt_reply + len;
+       }
+       if (opt_welldefined((char *) ep))



Home | Main Index | Thread Index | Old Index