author | Jacques Vidrine <nectar@FreeBSD.org> | 2001-07-19 21:43:42 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2001-07-19 21:43:42 +0000 |
commit | 65947fb078189cd261ccaa096aa9d745ebf042a3 (patch) | |
tree | 4bd405ba2309bcb8610602de81ccd6f384610950 /security/heimdal | |
parent | 6bf1507aad2c2ecc8e7797c7f3b1584b16855b46 (diff) | |
= Fix possible telnetd vulnerability in option processing.
Obtained from: heimdal-discuss@sics.se
= Fix bug in GSSAPI accept_sec_context() that prevented credential
forwarding from working in some cases.
Notes
Notes:
svn path=/head/; revision=45257
Diffstat (limited to 'security/heimdal')
-rw-r--r-- | security/heimdal/Makefile | 1 | ||||
-rw-r--r-- | security/heimdal/files/patch-ad | 34 | ||||
-rw-r--r-- | security/heimdal/files/patch-ae | 29 |
3 files changed, 64 insertions, 0 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 815797389548..6c61e7c3e53e 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= heimdal
 PORTVERSION= 0.4b
+PORTREVISION= 1
 CATEGORIES= security ipv6
 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
 ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
diff --git a/security/heimdal/files/patch-ad b/security/heimdal/files/patch-ad
new file mode 100644
index 000000000000..719c82896d4e
--- /dev/null
+++ b/security/heimdal/files/patch-ad
@@ -0,0 +1,34 @@
+--- lib/gssapi/accept_sec_context.c.orig Mon Jul 16 22:28:38 2001
++++ lib/gssapi/accept_sec_context.c Tue Jul 17 08:10:32 2001
+@@ -283,12 +283,27 @@
+
+ krb5_ccache ccache;
+
+- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
++ if (delegated_cred_handle == NULL)
+ /* XXX Create a new delegated_cred_handle? */
+ kret = krb5_cc_default (gssapi_krb5_context, &ccache);
+-
+- else {
+- if ((*delegated_cred_handle)->ccache == NULL)
++ else if (*delegated_cred_handle == NULL) {
++ if ((*delegated_cred_handle =
++ calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
++ kret = ENOMEM;
++ krb5_set_error_string(gssapi_krb5_context, "out of memory");
++ gssapi_krb5_set_error_string();
++ goto failure;
++ }
++ if ((kret = gss_duplicate_name(minor_status, ticket->client,
++ &(*delegated_cred_handle)->principal)) != 0) {
++ flags &= ~GSS_C_DELEG_FLAG;
++ free(*delegated_cred_handle);
++ *delegated_cred_handle = NULL;
++ goto end_fwd;
++ }
++ }
++ if (delegated_cred_handle != NULL &&
++ (*delegated_cred_handle)->ccache == NULL) {
+ kret = krb5_cc_gen_new (gssapi_krb5_context,
+ &krb5_mcc_ops,
+ &(*delegated_cred_handle)->ccache);
diff --git a/security/heimdal/files/patch-ae b/security/heimdal/files/patch-ae
new file mode 100644
index 000000000000..f4e1d38369c0
--- /dev/null
+++ b/security/heimdal/files/patch-ae
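Review bot: In the new `else if (*delegated_cred_handle == NULL)` branch of patch-ad, the result of `gss_duplicate_name()` is stored in `kret`, which the neighbouring lines use for krb5 error codes, so a GSS major status and a krb5 code now share one variable. If anything after `end_fwd` inspects `kret` (not visible in this hunk) it would misread the value; I would test the call on its own, e.g. `if (gss_duplicate_name(minor_status, ticket->client, &(*delegated_cred_handle)->principal) != GSS_S_COMPLETE) {`. The handle allocated with calloc() is released only on that one path; whether `failure:` and the `krb5_cc_gen_new` error path free it and reset `*delegated_cred_handle` lies outside the hunk and should be confirmed, since the caller could otherwise receive a half-initialised credential handle. A short comment above the branch stating that the function now allocates the handle on the caller's behalf, and that the caller must release it, would document the new ownership rule.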
@@ -0,0 +1,29 @@
+--- appl/telnet/telnetd/global.c 1997/05/11 06:29:59 1.12
++++ appl/telnet/telnetd/global.c 2001/07/19 16:00:42 1.13
+@@ -36,7 +36,7 @@
+
+ #include "telnetd.h"
+
+-RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $");
++RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $");
+
+ /*
+ * Telnet server variable declarations
+@@ -93,7 +93,7 @@
+ output_data (const char *format, ...)
+ {
+ va_list args;
+- size_t remaining, ret;
++ int remaining, ret;
+
+ va_start(args, format);
+ remaining = BUFSIZ - (nfrontp - netobuf);
+@@ -101,7 +101,7 @@
+ remaining,
+ format,
+ args);
+- nfrontp += ret;
++ nfrontp += min(ret, remaining-1);
+ va_end(args);
+ return ret;
+ } |
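Review bot: The clamp `nfrontp += min(ret, remaining-1);` in output_data bounds only the upper side: if vsnprintf() reports an error with a negative `ret`, or if `netobuf` is already full so that `remaining` is 0, the expression is negative and `nfrontp` moves backwards. I would guard the advance, e.g. `if (ret > 0 && remaining > 0) nfrontp += min(ret, remaining-1);`. The function still returns the untruncated `ret`, so a caller that treats the return value as the number of bytes queued would over-count after truncation; that is inferred, as no caller appears in the patch. Truncated output is dropped silently, which deserves a comment such as `/* output that does not fit in netobuf is discarded */`. The vsnprintf() call itself sits between the second and third inner hunks and is only partly visible.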