From: tlyu@mit.edu
Subject: SVN Commit
Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.

Commit By: tlyu



Revision: 19913
Changed Files:
_U trunk/
U trunk/src/lib/rpc/svc_auth_gss.c

From: tlyu@mit.edu
Subject: SVN Commit
Revise patch to avoid 32-byte overflow which remained after the
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.


Commit By: tlyu



Revision: 19923
Changed Files:
_U trunk/
U trunk/src/lib/rpc/svc_auth_gss.c

From: tlyu@mit.edu
Subject: SVN Commit
pull up r19913 from trunk

r19913@cathode-dark-space: tlyu | 2007-09-04 14:52:56 -0400
ticket: new
subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow
target_version: 1.6.3
tags: pullup
component: krb5-libs

Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.



Commit By: tlyu



Revision: 19924
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/rpc/svc_auth_gss.c

From: tlyu@mit.edu
Subject: SVN Commit
pull up r19923 from trunk

r19923@cathode-dark-space: tlyu | 2007-09-05 15:53:33 -0400
ticket: 5706

Revise patch to avoid 32-byte overflow which remained after the
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.




Commit By: tlyu



Revision: 19925
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/rpc/svc_auth_gss.c

Note: the flawed patch for CVE-2007-3999 has been assigned CVE-2007-4743.
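
The gap the second commit message describes, as an added example that is not the krb5 source: a length check that looks only at the variable-length credential still lets the fixed words written first push the copy past the end of the buffer. The 128-byte buffer, the eight 4-byte fixed words (32 bytes) and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_BUF_SIZE 128u /* assumed size of the fixed header buffer */
#define XDR_UNIT     4u   /* bytes per XDR word */
#define FIXED_WORDS  8u   /* assumed: 8 words = 32 bytes precede the credential */
#define RNDUP(n)     ((((n) + XDR_UNIT - 1u) / XDR_UNIT) * XDR_UNIT)

/* Incomplete check: looks only at the variable-length credential. */
int length_ok_incomplete(uint32_t oa_length)
{
    return oa_length <= HDR_BUF_SIZE;
}

/* Complete check: fixed words plus the padded credential must both fit. */
int length_ok_complete(uint32_t oa_length)
{
    if (oa_length > HDR_BUF_SIZE) return 0; /* bound first so RNDUP cannot wrap */
    return FIXED_WORDS * XDR_UNIT + RNDUP(oa_length) <= HDR_BUF_SIZE;
}

/* Largest number of bytes past the buffer that the incomplete check allows. */
size_t worst_overrun_incomplete(void)
{
    size_t worst = 0;
    for (uint32_t len = 0; len <= HDR_BUF_SIZE + XDR_UNIT; len++) {
        size_t need = FIXED_WORDS * XDR_UNIT + RNDUP(len);
        if (length_ok_incomplete(len) && need > HDR_BUF_SIZE + worst)
            worst = need - HDR_BUF_SIZE;
    }
    return worst;
}

/* Rebuild the header; returns bytes used, or 0 when the input is rejected. */
size_t build_header(uint8_t out[HDR_BUF_SIZE], const uint32_t fixed[FIXED_WORDS],
                    const uint8_t *cred, uint32_t oa_length)
{
    size_t off = 0;
    if (!length_ok_complete(oa_length)) return 0;
    memset(out, 0, HDR_BUF_SIZE);               /* also zeroes XDR padding */
    for (size_t i = 0; i < FIXED_WORDS; i++) {  /* big-endian, as XDR encodes */
        out[off++] = (uint8_t)(fixed[i] >> 24);
        out[off++] = (uint8_t)(fixed[i] >> 16);
        out[off++] = (uint8_t)(fixed[i] >> 8);
        out[off++] = (uint8_t)fixed[i];
    }
    memcpy(out + off, cred, oa_length);
    return off + RNDUP(oa_length);
}
```

Under these assumptions the incomplete check admits an overrun of exactly the fixed-word size, which is why the bound has to cover everything written into the buffer and not only the copied credential.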