author Cy Schubert <cy@FreeBSD.org> 2003-03-21 00:54:06 +0000
committer Cy Schubert <cy@FreeBSD.org> 2003-03-21 00:54:06 +0000
commit af7a454fd3da00363fde4728708eb83d5e734230
tree 8dc748b7f3a65ad37e15622ed189237948b2c5db /security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c
parent 9945021b5e86c3939516e949c36acaf41406e915
Patches from:
- MITKRB5-SA-2003-005: Buffer overrun and underrun in principal name handling
- MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm compromise possible.
- MITKRB5-SA-2003-003: Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Additional patches from RedHat.

Approved by: kris (wearing his portmgr hat)
Obtained from: MIT Website and Nalin Dahyabhai <nalin@redhat.com>
Notes: svn path=/head/; revision=77170
Diffstat (limited to 'security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c')
-rw-r--r-- security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c 14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c b/security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c
new file mode 100644
index 000000000000..4ad0d8cc43c5
--- /dev/null
+++ b/security/krb5-16/files/patch-lib::krb5::krb::gc_frm_kdc.c
@@ -0,0 +1,14 @@
+diff -ur krb5-1.2.7/src/lib/krb5/krb/gc_frm_kdc.c krb5-1.2.7/src/lib/krb5/krb/gc_frm_kdc.c
+--- lib/krb5/krb/gc_frm_kdc.c 1999-09-24 17:19:24.000000000 -0400
++++ lib/krb5/krb/gc_frm_kdc.c 2003-02-03 17:35:40.000000000 -0500
+@@ -347,7 +347,9 @@
+ for (next_server = top_server; *next_server; next_server++) {
+ krb5_data *realm_1 = krb5_princ_component(context, next_server[0], 1);
+ krb5_data *realm_2 = krb5_princ_component(context, tgtr->server, 1);
+- if (realm_1->length == realm_2->length &&
++ if (realm_1 != NULL &&
++ realm_2 != NULL &&
++ realm_1->length == realm_2->length &&
+ !memcmp(realm_1->data, realm_2->data, realm_1->length)) {
+ break;
+ }
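Review bot: the added `realm_1 != NULL && realm_2 != NULL` guard in the `for (next_server = top_server; ...)` loop has no comment saying when `krb5_princ_component(context, ..., 1)` returns NULL, and a NULL result is silently treated as a non-match. Please add a one-line comment above the `if` stating the condition (presumably a principal with no component at index 1). `realm_2` depends only on `tgtr->server`, which the visible lines do not change inside the loop, so it can be fetched and checked once before the loop; if it is NULL no iteration can ever reach `break`, and it is worth deciding whether that case should be reported as an error instead of running the loop to the end of the list.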