authorCy Schubert <cy@FreeBSD.org>2004-09-01 15:01:20 +0000
committerCy Schubert <cy@FreeBSD.org>2004-09-01 15:01:20 +0000
commite832541095ccd06493edaa919f1035f7ba30e6ea (patch)
tree3fc20ae9ba8639e2990bb8956dff88e68688b498 /security/krb5
parent- add USE_GETOPT_LONG=yes and related patch (diff)
Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.
Heads-up by: nectar
Notes
Notes: svn path=/head/; revision=117839
Diffstat (limited to 'security/krb5')
-rw-r--r--security/krb5/Makefile1
-rw-r--r--security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c13
2 files changed, 14 insertions, 0 deletions
diff --git a/security/krb5/Makefile b/security/krb5/Makefile
index 9c3dd3045662..0e590c1b344a 100644
--- a/security/krb5/Makefile
+++ b/security/krb5/Makefile
@@ -7,6 +7,7 @@
PORTNAME= krb5
PORTVERSION= 1.3.4
+PORTREVISION= 1
CATEGORIES= security
# USE_TARBALL tells the port that the user has fetched the source
# directly from MIT or crypto-publish.org (CRYTPO-PUBLISH).
diff --git a/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c b/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c
new file mode 100644
index 000000000000..6d3da983adc3
--- /dev/null
+++ b/security/krb5/files/patch-lib::krb5::asn.1::asn1buf.c
@@ -0,0 +1,13 @@
+*** lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24
+--- lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+ return ASN1_OVERRUN;
+ }
+ while (nestlevel > 0) {
++ if (buf->bound - buf->next + 1 <= 0)
++ return ASN1_OVERRUN;
+ retval = asn1_get_tag_2(buf, &t);
+ if (retval) return retval;
+ if (!t.indef) {
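Review bot: The new guard at the top of the `while (nestlevel > 0)` loop has no comment, so a reader of asn1buf.c cannot tell why an exhausted buffer is tested there or that this is the MITKRB5-SA-2004-003 fix; I would add `/* input exhausted while nestlevel is still positive: fail instead of iterating again (MITKRB5-SA-2004-003) */` above it. The `+ 1` suggests that `buf->bound` addresses the last valid octet rather than one past it, which is worth stating in the same comment because the struct definition is not visible here. The condition would also read more directly as `if (buf->next > buf->bound)`, which is equivalent and avoids the pointer subtraction. The enclosing function starts and ends outside this hunk, so whether `asn1_get_tag_2` itself rejects a truncated tag cannot be confirmed from these lines.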