summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2001-07-19 21:43:42 +0000
committernectar <nectar@FreeBSD.org>2001-07-19 21:43:42 +0000
commitb38805416244d5d5612e3a026ee93d0e8a8d14c3 (patch)
treeb680260fc2b32611a71b1cc917681e76c4fce7e4 /security
parent7c5bf114fcb7a2301c57ac64d50f8fe02b764aff (diff)
downloadFreeBSD-ports-b38805416244d5d5612e3a026ee93d0e8a8d14c3.zip
FreeBSD-ports-b38805416244d5d5612e3a026ee93d0e8a8d14c3.tar.gz
= Fix possible telnetd vulnerability in option processing.
Obtained from: heimdal-discuss@sics.se = Fix bug in GSSAPI accept_sec_context() that prevented credential forwarding from working in some cases.
Diffstat (limited to 'security')
-rw-r--r--security/heimdal/Makefile1
-rw-r--r--security/heimdal/files/patch-ad34
-rw-r--r--security/heimdal/files/patch-ae29
3 files changed, 64 insertions, 0 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 81579738..6c61e7c 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -7,6 +7,7 @@
PORTNAME= heimdal
PORTVERSION= 0.4b
+PORTREVISION= 1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
diff --git a/security/heimdal/files/patch-ad b/security/heimdal/files/patch-ad
new file mode 100644
index 0000000..719c828
--- /dev/null
+++ b/security/heimdal/files/patch-ad
@@ -0,0 +1,34 @@
+--- lib/gssapi/accept_sec_context.c.orig Mon Jul 16 22:28:38 2001
++++ lib/gssapi/accept_sec_context.c Tue Jul 17 08:10:32 2001
+@@ -283,12 +283,27 @@
+
+ krb5_ccache ccache;
+
+- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
++ if (delegated_cred_handle == NULL)
+ /* XXX Create a new delegated_cred_handle? */
+ kret = krb5_cc_default (gssapi_krb5_context, &ccache);
+-
+- else {
+- if ((*delegated_cred_handle)->ccache == NULL)
++ else if (*delegated_cred_handle == NULL) {
++ if ((*delegated_cred_handle =
++ calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
++ kret = ENOMEM;
++ krb5_set_error_string(gssapi_krb5_context, "out of memory");
++ gssapi_krb5_set_error_string();
++ goto failure;
++ }
++ if ((kret = gss_duplicate_name(minor_status, ticket->client,
++ &(*delegated_cred_handle)->principal)) != 0) {
++ flags &= ~GSS_C_DELEG_FLAG;
++ free(*delegated_cred_handle);
++ *delegated_cred_handle = NULL;
++ goto end_fwd;
++ }
++ }
++ if (delegated_cred_handle != NULL &&
++ (*delegated_cred_handle)->ccache == NULL) {
+ kret = krb5_cc_gen_new (gssapi_krb5_context,
+ &krb5_mcc_ops,
+ &(*delegated_cred_handle)->ccache);
diff --git a/security/heimdal/files/patch-ae b/security/heimdal/files/patch-ae
new file mode 100644
index 0000000..f4e1d38
--- /dev/null
+++ b/security/heimdal/files/patch-ae
@@ -0,0 +1,29 @@
+--- appl/telnet/telnetd/global.c 1997/05/11 06:29:59 1.12
++++ appl/telnet/telnetd/global.c 2001/07/19 16:00:42 1.13
+@@ -36,7 +36,7 @@
+
+ #include "telnetd.h"
+
+-RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $");
++RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $");
+
+ /*
+ * Telnet server variable declarations
+@@ -93,7 +93,7 @@
+ output_data (const char *format, ...)
+ {
+ va_list args;
+- size_t remaining, ret;
++ int remaining, ret;
+
+ va_start(args, format);
+ remaining = BUFSIZ - (nfrontp - netobuf);
+@@ -101,7 +101,7 @@
+ remaining,
+ format,
+ args);
+- nfrontp += ret;
++ nfrontp += min(ret, remaining-1);
+ va_end(args);
+ return ret;
+ }
OpenPOWER on IntegriCloud