From: tlyu@mit.edu
Subject: SVN Commit

pull up r19395 from trunk

 r19395@cathode-dark-space:  tlyu | 2007-04-03 15:23:52 -0400
 ticket: new
 subject: MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
 target_version: 1.6.1
 tags: pullup

 Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog.

 * src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf if
 available.

 Everything else: use precision fields on "%s" specifiers to truncate
 logged strings, in case someone doesn't have vsnprintf.

Commit By: tlyu
Revision: 19404
Changed Files:
_U  branches/krb5-1-5/
U   branches/krb5-1-5/src/kadmin/server/kadm_rpc_svc.c
U   branches/krb5-1-5/src/kadmin/server/misc.c
U   branches/krb5-1-5/src/kadmin/server/misc.h
U   branches/krb5-1-5/src/kadmin/server/ovsec_kadmd.c
U   branches/krb5-1-5/src/kadmin/server/schpw.c
U   branches/krb5-1-5/src/kadmin/server/server_stubs.c
U   branches/krb5-1-5/src/kdc/do_tgs_req.c
U   branches/krb5-1-5/src/kdc/kdc_util.c
U   branches/krb5-1-5/src/lib/kadm5/logger.c
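
The two defences named in the commit message above, shown as an added example that is not code from the krb5 tree: a logger that formats into a fixed buffer with vsnprintf, and a caller that bounds each logged string with a "%.*s" precision field. The names demo_log, demo_log_request and demo_last and both size constants are hypothetical, chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64  /* assumed size, kept small so truncation is visible */
#define MAX_NAME_LOG 16  /* assumed per-string cap applied by callers */

static char last_msg[LOG_BUF_SIZE];  /* stands in for the syslog sink */

/* Logger-side defence: format into a fixed stack buffer with vsnprintf,
 * which writes at most sizeof(buf) bytes and NUL-terminates.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
int demo_log(const char *fmt, ...)
{
    char buf[LOG_BUF_SIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof(buf), fmt, ap);  /* unbounded form: vsprintf(buf, fmt, ap) */
    va_end(ap);
    if (n < 0)
        return -1;
    memcpy(last_msg, buf, strlen(buf) + 1);    /* buf is bounded and terminated */
    return n >= (int)sizeof(buf);              /* n is the untruncated length */
}

/* Caller-side defence: "%.*s" takes an int precision that caps how many
 * bytes of each externally supplied string reach the formatter, so the
 * message stays bounded even where vsnprintf is unavailable. */
int demo_log_request(const char *client, const char *service)
{
    return demo_log("request from %.*s for %.*s",
                    MAX_NAME_LOG, client, MAX_NAME_LOG, service);
}

const char *demo_last(void) { return last_msg; }

int main(void)
{
    char big[201];                      /* constructed oversized input */
    memset(big, 'A', 200);
    big[200] = '\0';

    printf("%d %s\n", demo_log("%s", big), demo_last());
    printf("%d %s\n", demo_log_request(big, "krbtgt/EXAMPLE.COM"), demo_last());
    return 0;
}
```

The return value of demo_log lets a caller detect a truncated record, which matters when log lines are later parsed or used as evidence.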