Skip Menu |

Subject: SVN Commit

pull up rxxxxx from trunk

SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.

Thanks to Apple for reporting this vulnerability and providing
Commit By: tlyu
Revision: 22179
Changed Files:
U branches/krb5-1-6/src/lib/gssapi/spnego/spnego_mech.c