Ticket History #5921: (1.5.x) MITKRB5-SA-2008-002 rpc/svc.c descriptor array overrun [CVE-2008-0947]

# Wed Mar 19 14:42:52 2008 tlyu (Taylor Yu) - Ticket created

Subject:

fix MITKRB5-SA-2008-002 for 1.5-branch

Download (untitled) / with headers
text/plain 90B

fix MITKRB5-SA-2008-002 (libgssrpc file descriptor array overflow) for the krb5-1.5 branch

# Wed Mar 19 14:42:54 2008 tlyu (Taylor Yu) - Ticket 5921 RefersTo ticket 5918.

# Tue Mar 25 14:06:36 2008 tlyu (Taylor Yu) - Subject changed from 'fix MITKRB5-SA-2008-002 for 1.5-branch' to '(1.5.x) MITKRB5-SA-2008-002 rpc/svc.c descriptor array overrun [CVE-2008-0947]'

# Fri Mar 28 18:37:43 2008 tlyu (Taylor Yu) - Status changed from 'new' to 'resolved'

# Fri Mar 28 18:37:44 2008 tlyu (Taylor Yu) - Version_Fixed 1.5.5 added

# Fri Mar 28 18:37:44 2008 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 576B

pull up r20278 from trunk

r20278@cathode-dark-space: raeburn | 2008-03-18 14:55:26 -0400
ticket: new
subject: MITKRB5-SA-2008-002
target_version: 1.6.4
tags: pullup

Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.

Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.

Commit By: tlyu

Revision: 20293
Changed Files:
_U branches/krb5-1-5/
U branches/krb5-1-5/src/lib/rpc/svc.c
U branches/krb5-1-5/src/lib/rpc/svc_tcp.c

# Wed Dec 16 18:02:52 2015 tlyu (Taylor Yu) - CustomField pullup deleted