mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-25 09:34:11 +00:00
af7a454fd3
- MITKRB5-SA-2003-005:
Buffer overrun and underrun in principal name handling
- MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
compromise possible.
- MITKRB5-SA-2003-003:
Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Additional patches from RedHat.
Approved by: kris (wearing his portmgr hat)
Obtained from: MIT Website and Nalin Dahyabhai <nalin@redhat.com>
13 lines
481 B
C
13 lines
481 B
C
diff -ur krb5-1.2.7/src/clients/ksu/heuristic.c krb5-1.2.7/src/clients/ksu/heuristic.c
|
|
--- clients/ksu/heuristic.c 2003-02-03 15:24:57.000000000 -0500
|
|
+++ clients/ksu/heuristic.c 2003-02-03 17:56:38.000000000 -0500
|
|
@@ -355,7 +355,7 @@
|
|
krb5_data *p2 =
|
|
krb5_princ_component(context, temp_client, j);
|
|
|
|
- if ((p1->length != p2->length) ||
|
|
+ if (!p1 || !p2 || (p1->length != p2->length) ||
|
|
memcmp(p1->data,p2->data,p1->length)){
|
|
got_one = FALSE;
|
|
break;
|