Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

r19913@cathode-dark-space: tlyu | 2007-09-04 14:52:56 -0400
ticket: new
subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow
target_version: 1.6.3
tags: pullup
component: krb5-libs

Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.



Commit By: tlyu



Revision: 20289
Changed Files:
_U branches/krb5-1-5/
U branches/krb5-1-5/src/lib/rpc/svc_auth_gss.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r19923 from trunk

r19923@cathode-dark-space: tlyu | 2007-09-05 15:53:33 -0400
ticket: 5706

Revise patch to avoid 32-byte overflow which remained after the
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.




Commit By: tlyu



Revision: 20290
Changed Files:
_U branches/krb5-1-5/
U branches/krb5-1-5/src/lib/rpc/svc_auth_gss.c