svn rev #3327: trunk/telnet/libtelnet/
ghudson@MIT.EDU
Tue Dec 27 11:59:37 EST 2011
Commit By: ghudson
Log Message:
ticket: 7056
subject: SA-2011-008 keyid buffer overflow [CVE-2011-4862]
Prevent a buffer overflow in encrypt_keyid if the remote party
supplies a keyid larger than MAXKEYLEN bytes.
Changed Files:
U trunk/telnet/libtelnet/encrypt.c
Modified: trunk/telnet/libtelnet/encrypt.c
===================================================================
--- trunk/telnet/libtelnet/encrypt.c 2011-11-08 17:30:41 UTC (rev 3326)
+++ trunk/telnet/libtelnet/encrypt.c 2011-12-27 16:59:36 UTC (rev 3327)
@@ -757,6 +757,9 @@
int dir = kp->dir;
register int ret = 0;
+ if (len > MAXKEYLEN)
+ len = MAXKEYLEN;
+
if (!(ep = (*kp->getcrypt)(*kp->modep))) {
if (len == 0)
return;
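Review bot: The new clamp (`if (len > MAXKEYLEN) len = MAXKEYLEN;`) silently truncates an oversized keyid from the remote party instead of rejecting it, so the rest of the function goes on to handle a keyid the peer never actually sent. Consider treating `len > MAXKEYLEN` as a protocol error and returning early, or add a comment stating why truncation is the intended behaviour here. The check also bounds `len` only from above; its declaration is outside this hunk, so confirm the type is unsigned, or that a negative value cannot reach this point, since a signed negative `len` would pass the comparison unchanged.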