svn rev #3328: branches/krb5-appl-1-0/telnet/libtelnet/
ghudson@MIT.EDU
Tue Dec 27 12:12:32 EST 2011
Commit By: ghudson
Log Message:
Pull up r3327 from trunk.
------------------------------------------------------------------------
r3327 | ghudson | 2011-12-27 11:59:36 -0500 (Tue, 27 Dec 2011) | 6 lines
ticket: 7056
subject: SA-2011-008 keyid buffer overflow [CVE-2011-4862]
Prevent a buffer overflow in encrypt_keyid if the remote party
supplies a keyid larger than MAXKEYLEN bytes.
Changed Files:
U branches/krb5-appl-1-0/telnet/libtelnet/encrypt.c
Modified: branches/krb5-appl-1-0/telnet/libtelnet/encrypt.c
===================================================================
--- branches/krb5-appl-1-0/telnet/libtelnet/encrypt.c 2011-12-27 16:59:36 UTC (rev 3327)
+++ branches/krb5-appl-1-0/telnet/libtelnet/encrypt.c 2011-12-27 17:12:32 UTC (rev 3328)
@@ -757,6 +757,9 @@
int dir = kp->dir;
register int ret = 0;
+ if (len > MAXKEYLEN)
+ len = MAXKEYLEN;
+
if (!(ep = (*kp->getcrypt)(*kp->modep))) {
if (len == 0)
return;
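Review bot: the clamp added at the top of this hunk (`if (len > MAXKEYLEN) len = MAXKEYLEN;`) silently truncates an oversized keyid instead of rejecting it, so the code below goes on to process a keyid the peer never actually sent. Returning early on an over-long keyid, or at least logging it, would make the malformed input visible and avoid acting on truncated data. The declaration of `len` is not visible in these lines; if it is a signed type, the `len > MAXKEYLEN` comparison does not catch a negative value, so confirm it is unsigned or add a lower-bound check as well. A one-line comment above the check naming the fixed-size keyid buffer it protects would help future readers.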