mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-25 21:07:40 +00:00
= Fix possible telnetd vulnerability in option processing.
Obtained from: heimdal-discuss@sics.se = Fix bug in GSSAPI accept_sec_context() that prevented credential forwarding from working in some cases.
This commit is contained in:
parent
6bf1507aad
commit
65947fb078
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=45257
@ -7,6 +7,7 @@
|
||||
|
||||
PORTNAME= heimdal
|
||||
PORTVERSION= 0.4b
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security ipv6
|
||||
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
|
||||
ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
|
||||
|
34
security/heimdal/files/patch-ad
Normal file
34
security/heimdal/files/patch-ad
Normal file
@ -0,0 +1,34 @@
|
||||
--- lib/gssapi/accept_sec_context.c.orig Mon Jul 16 22:28:38 2001
|
||||
+++ lib/gssapi/accept_sec_context.c Tue Jul 17 08:10:32 2001
|
||||
@@ -283,12 +283,27 @@
|
||||
|
||||
krb5_ccache ccache;
|
||||
|
||||
- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
|
||||
+ if (delegated_cred_handle == NULL)
|
||||
/* XXX Create a new delegated_cred_handle? */
|
||||
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
||||
-
|
||||
- else {
|
||||
- if ((*delegated_cred_handle)->ccache == NULL)
|
||||
+ else if (*delegated_cred_handle == NULL) {
|
||||
+ if ((*delegated_cred_handle =
|
||||
+ calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
|
||||
+ kret = ENOMEM;
|
||||
+ krb5_set_error_string(gssapi_krb5_context, "out of memory");
|
||||
+ gssapi_krb5_set_error_string();
|
||||
+ goto failure;
|
||||
+ }
|
||||
+ if ((kret = gss_duplicate_name(minor_status, ticket->client,
|
||||
+ &(*delegated_cred_handle)->principal)) != 0) {
|
||||
+ flags &= ~GSS_C_DELEG_FLAG;
|
||||
+ free(*delegated_cred_handle);
|
||||
+ *delegated_cred_handle = NULL;
|
||||
+ goto end_fwd;
|
||||
+ }
|
||||
+ }
|
||||
+ if (delegated_cred_handle != NULL &&
|
||||
+ (*delegated_cred_handle)->ccache == NULL) {
|
||||
kret = krb5_cc_gen_new (gssapi_krb5_context,
|
||||
&krb5_mcc_ops,
|
||||
&(*delegated_cred_handle)->ccache);
|
29
security/heimdal/files/patch-ae
Normal file
29
security/heimdal/files/patch-ae
Normal file
@ -0,0 +1,29 @@
|
||||
--- appl/telnet/telnetd/global.c 1997/05/11 06:29:59 1.12
|
||||
+++ appl/telnet/telnetd/global.c 2001/07/19 16:00:42 1.13
|
||||
@@ -36,7 +36,7 @@
|
||||
|
||||
#include "telnetd.h"
|
||||
|
||||
-RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $");
|
||||
+RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $");
|
||||
|
||||
/*
|
||||
* Telnet server variable declarations
|
||||
@@ -93,7 +93,7 @@
|
||||
output_data (const char *format, ...)
|
||||
{
|
||||
va_list args;
|
||||
- size_t remaining, ret;
|
||||
+ int remaining, ret;
|
||||
|
||||
va_start(args, format);
|
||||
remaining = BUFSIZ - (nfrontp - netobuf);
|
||||
@@ -101,7 +101,7 @@
|
||||
remaining,
|
||||
format,
|
||||
args);
|
||||
- nfrontp += ret;
|
||||
+ nfrontp += min(ret, remaining-1);
|
||||
va_end(args);
|
||||
return ret;
|
||||
}
|
Loading…
Reference in New Issue
Block a user