= Fix possible telnetd vulnerability in option processing.

Obtained from:	heimdal-discuss@sics.se

= Fix bug in GSSAPI accept_sec_context() that prevented credential
  forwarding from working in some cases.

1 files changed, 34 insertions, 0 deletions

diff --git a/security/heimdal/files/patch-ad b/security/heimdal/files/patch-ad
new file mode 100644
index 000000000000..719c82896d4e
--- /dev/null
+++ b/security/heimdal/files/patch-ad
@@ -0,0 +1,34 @@
+--- lib/gssapi/accept_sec_context.c.orig	Mon Jul 16 22:28:38 2001
++++ lib/gssapi/accept_sec_context.c	Tue Jul 17 08:10:32 2001
+@@ -283,12 +283,27 @@
+       
+       krb5_ccache ccache;
+       
+-      if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
++      if (delegated_cred_handle == NULL)
+          /* XXX Create a new delegated_cred_handle? */
+          kret = krb5_cc_default (gssapi_krb5_context, &ccache);
+-      
+-      else {
+-         if ((*delegated_cred_handle)->ccache == NULL)
++      else if (*delegated_cred_handle == NULL) {
++	 if ((*delegated_cred_handle =
++	      calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
++	    kret = ENOMEM;
++	    krb5_set_error_string(gssapi_krb5_context, "out of memory");
++	    gssapi_krb5_set_error_string();
++	    goto failure;
++	 }
++	 if ((kret = gss_duplicate_name(minor_status, ticket->client,
++				&(*delegated_cred_handle)->principal)) != 0) {
++	    flags &= ~GSS_C_DELEG_FLAG;
++	    free(*delegated_cred_handle);
++	    *delegated_cred_handle = NULL;
++	    goto end_fwd;
++	 }
++      }
++      if (delegated_cred_handle != NULL &&
++	  (*delegated_cred_handle)->ccache == NULL) {
+             kret = krb5_cc_gen_new (gssapi_krb5_context,
+                                     &krb5_mcc_ops,
+                                     &(*delegated_cred_handle)->ccache);