From af7a454fd3da00363fde4728708eb83d5e734230 Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Fri, 21 Mar 2003 00:54:06 +0000
Subject: Patches from:   - MITKRB5-SA-2003-005:        Buffer overrun and
 underrun in principal name handling

  - MITKRB5-SA-2003-004:
       Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
       compromise possible.

  - MITKRB5-SA-2003-003:
       Faulty length checks in xdrmem_getbytes may allow kadmind DoS.

  - Additional patches from RedHat.

Approved by:	kris (wearing his portmgr hat)
Obtained from:	MIT Website and Nalin Dahyabhai <nalin@redhat.com>
---
 .../krb5-16/files/patch-lib::krb5::krb::parse.c    | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 security/krb5-16/files/patch-lib::krb5::krb::parse.c

(limited to 'security/krb5-16/files/patch-lib::krb5::krb::parse.c')

diff --git a/security/krb5-16/files/patch-lib::krb5::krb::parse.c b/security/krb5-16/files/patch-lib::krb5::krb::parse.c
new file mode 100644
index 000000000000..8eb73b24c158
--- /dev/null
+++ b/security/krb5-16/files/patch-lib::krb5::krb::parse.c
@@ -0,0 +1,29 @@
+diff -ur krb5-1.2.7/src/lib/krb5/krb/parse.c krb5-1.2.7/src/lib/krb5/krb/parse.c
+--- lib/krb5/krb/parse.c	2002-02-28 12:08:35.000000000 -0500
++++ lib/krb5/krb/parse.c	2003-02-03 17:44:04.000000000 -0500
+@@ -173,11 +173,13 @@
+ 				cp++;
+ 				size++;
+ 			} else if (c == COMPONENT_SEP) {
+-				krb5_princ_component(context, principal, i)->length = size;
++				if (krb5_princ_size(context, principal) > i)
++					krb5_princ_component(context, principal, i)->length = size;
+ 				size = 0;
+ 				i++;
+ 			} else if (c == REALM_SEP) {
+-				krb5_princ_component(context, principal, i)->length = size;
++				if (krb5_princ_size(context, principal) > i)
++					krb5_princ_component(context, principal, i)->length = size;
+ 				size = 0;
+ 				parsed_realm = cp+1;
+ 			} else
+@@ -186,7 +188,8 @@
+ 		if (parsed_realm)
+ 			krb5_princ_realm(context, principal)->length = size;
+ 		else
+-			krb5_princ_component(context, principal, i)->length = size;
++			if (krb5_princ_size(context, principal) > i)
++				krb5_princ_component(context, principal, i)->length = size;
+ 		if (i + 1 != components) {
+ #if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh)
+ 			fprintf(stderr,
-- 
cgit v1.2.3