Fix double-free vulnerability in kadmind (via GSS-API library).

Obtained from: MIT krb5 Security Advisory 2007-003 Security: US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
author: Cy Schubert <cy@FreeBSD.org> 2007-04-04 01:40:12 +0000
committer: Cy Schubert <cy@FreeBSD.org> 2007-04-04 01:40:12 +0000
commit: d3dd8048be30c355e26165c86ea6117d717d4cdc (patch)
tree: b4b6aa73a54120015f7ceb6a2c4247c7aae40d66 /security/krb5-16
parent: - Update to 1.2.3 (diff)
2 files changed, 16 insertions, 0 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile
index 812bd17279c0..84dc9056535e 100644
--- a/security/krb5-16/Makefile
+++ b/security/krb5-16/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=		krb5
 PORTVERSION=		1.6
+PORTREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
diff --git a/security/krb5-16/files/patch-lib-gssapi-krb5-k5unseal.c b/security/krb5-16/files/patch-lib-gssapi-krb5-k5unseal.c
new file mode 100644
index 000000000000..38ae5df836f9
--- /dev/null
+++ b/security/krb5-16/files/patch-lib-gssapi-krb5-k5unseal.c
@@ -0,0 +1,15 @@
+--- lib/gssapi/krb5/k5unseal.c.orig	Tue May  9 04:31:02 2006
++++ lib/gssapi/krb5/k5unseal.c	Tue Apr  3 18:28:48 2007
+@@ -457,8 +457,11 @@
+ 
+     if ((ctx->initiate && direction != 0xff) ||
+ 	(!ctx->initiate && direction != 0)) {
+-	if (toktype == KG_TOK_SEAL_MSG)
++	if (toktype == KG_TOK_SEAL_MSG) {
+ 	    xfree(token.value);
++	    message_buffer->value = NULL;
++	    message_buffer->length = 0;
++	}
+ 	*minor_status = G_BAD_DIRECTION;
+ 	return(GSS_S_BAD_SIG);
+     }
author	Cy Schubert <cy@FreeBSD.org>	2007-04-04 01:40:12 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2007-04-04 01:40:12 +0000
commit	d3dd8048be30c355e26165c86ea6117d717d4cdc (patch)
tree	b4b6aa73a54120015f7ceb6a2c4247c7aae40d66 /security/krb5-16
parent	- Update to 1.2.3 (diff)