Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam
author: cperciva <cperciva@FreeBSD.org> 2011-12-23 15:00:37 +0000
committer: cperciva <cperciva@FreeBSD.org> 2011-12-23 15:00:37 +0000
commit: 6d6844d3db7a60700aba1a03b565183435faab20 (patch)
tree: 7006a336edec7e2e646d67e3d9e61837cdb2fa3f /crypto/heimdal
parent: d5cd91d7ec78cfb129089f34ccefa523b77425ce (diff)
download: FreeBSD-src-6d6844d3db7a60700aba1a03b565183435faab20.zip
FreeBSD-src-6d6844d3db7a60700aba1a03b565183435faab20.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
index 04dbe83..a4669d2 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
@@ -736,6 +736,9 @@ encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
     int dir = kp->dir;
     int ret = 0;
 
+    if (len > MAXKEYLEN)
+        len = MAXKEYLEN;
+
     if (!(ep = (*kp->getcrypt)(*kp->modep))) {
 	if (len == 0)
 	    return;
author	cperciva <cperciva@FreeBSD.org>	2011-12-23 15:00:37 +0000
committer	cperciva <cperciva@FreeBSD.org>	2011-12-23 15:00:37 +0000
commit	6d6844d3db7a60700aba1a03b565183435faab20 (patch)
tree	7006a336edec7e2e646d67e3d9e61837cdb2fa3f /crypto/heimdal
parent	d5cd91d7ec78cfb129089f34ccefa523b77425ce (diff)
download	FreeBSD-src-6d6844d3db7a60700aba1a03b565183435faab20.zip FreeBSD-src-6d6844d3db7a60700aba1a03b565183435faab20.tar.gz