summaryrefslogtreecommitdiff
path: root/network/krb5/patches/2009-001-patch.txt
diff options
context:
space:
mode:
Diffstat (limited to 'network/krb5/patches/2009-001-patch.txt')
-rw-r--r--network/krb5/patches/2009-001-patch.txt187
1 files changed, 0 insertions, 187 deletions
diff --git a/network/krb5/patches/2009-001-patch.txt b/network/krb5/patches/2009-001-patch.txt
deleted file mode 100644
index 7485169ae4..0000000000
--- a/network/krb5/patches/2009-001-patch.txt
+++ /dev/null
@@ -1,187 +0,0 @@
---- src/lib/gssapi/spnego/spnego_mech.c
-+++ src/lib/gssapi/spnego/spnego_mech.c
-@@ -54,8 +54,8 @@ typedef const gss_OID_desc *gss_OID_const;
-
- /* der routines defined in libgss */
- extern unsigned int gssint_der_length_size(OM_uint32);
--extern int gssint_get_der_length(unsigned char **, OM_uint32, OM_uint32*);
--extern int gssint_put_der_length(OM_uint32, unsigned char **, OM_uint32);
-+extern int gssint_get_der_length(unsigned char **, OM_uint32, unsigned int*);
-+extern int gssint_put_der_length(OM_uint32, unsigned char **, unsigned int);
-
-
- /* private routines for spnego_mechanism */
-@@ -1249,7 +1249,8 @@ spnego_gss_accept_sec_context(void *ct,
- }
- cleanup:
- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
-- tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
-+ tmpret = make_spnego_tokenTarg_msg(negState,
-+ sc ? sc->internal_mech : GSS_C_NO_OID,
- &mechtok_out, mic_out,
- return_token,
- output_token);
-@@ -1802,22 +1803,16 @@ static gss_buffer_t
- get_input_token(unsigned char **buff_in, unsigned int buff_length)
- {
- gss_buffer_t input_token;
-- unsigned int bytes;
-+ unsigned int len;
-
-- if (**buff_in != OCTET_STRING)
-+ if (g_get_tag_and_length(buff_in, OCTET_STRING, buff_length, &len) < 0)
- return (NULL);
-
-- (*buff_in)++;
- input_token = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
--
- if (input_token == NULL)
- return (NULL);
-
-- input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes);
-- if ((int)input_token->length == -1) {
-- free(input_token);
-- return (NULL);
-- }
-+ input_token->length = len;
- input_token->value = malloc(input_token->length);
-
- if (input_token->value == NULL) {
-@@ -1869,8 +1864,8 @@ get_mech_set(OM_uint32 *minor_status, unsigned char **buff_in,
- {
- gss_OID_set returned_mechSet;
- OM_uint32 major_status;
-- OM_uint32 length;
-- OM_uint32 bytes;
-+ int length;
-+ unsigned int bytes;
- OM_uint32 set_length;
- unsigned char *start;
- int i;
-@@ -1882,22 +1877,25 @@ get_mech_set(OM_uint32 *minor_status, unsigned char **buff_in,
- (*buff_in)++;
-
- length = gssint_get_der_length(buff_in, buff_length, &bytes);
-+ if (length < 0 || buff_length - bytes < (unsigned int)length)
-+ return NULL;
-
- major_status = gss_create_empty_oid_set(minor_status,
- &returned_mechSet);
- if (major_status != GSS_S_COMPLETE)
- return (NULL);
-
-- for (set_length = 0, i = 0; set_length < length; i++) {
-+ for (set_length = 0, i = 0; set_length < (unsigned int)length; i++) {
- gss_OID_desc *temp = get_mech_oid(minor_status, buff_in,
- buff_length - (*buff_in - start));
-- if (temp != NULL) {
-- major_status = gss_add_oid_set_member(minor_status,
-- temp, &returned_mechSet);
-- if (major_status == GSS_S_COMPLETE) {
-+ if (temp == NULL)
-+ break;
-+
-+ major_status = gss_add_oid_set_member(minor_status,
-+ temp, &returned_mechSet);
-+ if (major_status == GSS_S_COMPLETE) {
- set_length += returned_mechSet->elements[i].length +2;
- generic_gss_release_oid(minor_status, &temp);
-- }
- }
- }
-
-@@ -2097,7 +2095,7 @@ get_negTokenResp(OM_uint32 *minor_status,
- return GSS_S_DEFECTIVE_TOKEN;
- if (*ptr++ == SEQUENCE) {
- tmplen = gssint_get_der_length(&ptr, REMAIN, &bytes);
-- if (tmplen < 0)
-+ if (tmplen < 0 || REMAIN < (unsigned int)tmplen)
- return GSS_S_DEFECTIVE_TOKEN;
- }
- if (REMAIN < 1)
-@@ -2107,7 +2105,7 @@ get_negTokenResp(OM_uint32 *minor_status,
-
- if (tag == CONTEXT) {
- tmplen = gssint_get_der_length(&ptr, REMAIN, &bytes);
-- if (tmplen < 0)
-+ if (tmplen < 0 || REMAIN < (unsigned int)tmplen)
- return GSS_S_DEFECTIVE_TOKEN;
-
- if (g_get_tag_and_length(&ptr, ENUMERATED,
-@@ -2128,7 +2126,7 @@ get_negTokenResp(OM_uint32 *minor_status,
- }
- if (tag == (CONTEXT | 0x01)) {
- tmplen = gssint_get_der_length(&ptr, REMAIN, &bytes);
-- if (tmplen < 0)
-+ if (tmplen < 0 || REMAIN < (unsigned int)tmplen)
- return GSS_S_DEFECTIVE_TOKEN;
-
- *supportedMech = get_mech_oid(minor_status, &ptr, REMAIN);
-@@ -2142,7 +2140,7 @@ get_negTokenResp(OM_uint32 *minor_status,
- }
- if (tag == (CONTEXT | 0x02)) {
- tmplen = gssint_get_der_length(&ptr, REMAIN, &bytes);
-- if (tmplen < 0)
-+ if (tmplen < 0 || REMAIN < (unsigned int)tmplen)
- return GSS_S_DEFECTIVE_TOKEN;
-
- *responseToken = get_input_token(&ptr, REMAIN);
-@@ -2156,7 +2154,7 @@ get_negTokenResp(OM_uint32 *minor_status,
- }
- if (tag == (CONTEXT | 0x03)) {
- tmplen = gssint_get_der_length(&ptr, REMAIN, &bytes);
-- if (tmplen < 0)
-+ if (tmplen < 0 || REMAIN < (unsigned int)tmplen)
- return GSS_S_DEFECTIVE_TOKEN;
-
- *mechListMIC = get_input_token(&ptr, REMAIN);
-@@ -2464,6 +2462,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted,
-
- if (outbuf == GSS_C_NO_BUFFER)
- return (GSS_S_DEFECTIVE_TOKEN);
-+ if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
-+ return (GSS_S_DEFECTIVE_TOKEN);
-
- outbuf->length = 0;
- outbuf->value = NULL;
-@@ -2715,7 +2715,7 @@ g_get_tag_and_length(unsigned char **buf, int tag,
- &encoded_len);
- if (tmplen < 0) {
- ret = -1;
-- } else if (tmplen > buflen - (ptr - *buf)) {
-+ } else if ((unsigned int)tmplen > buflen - (ptr - *buf)) {
- ret = -1;
- } else
- ret = 0;
---- src/lib/krb5/asn.1/asn1buf.c
-+++ src/lib/krb5/asn.1/asn1buf.c
-@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code)
-
- asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
- {
-+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- subbuf->base = subbuf->next = buf->next;
- if (!indef) {
-+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
- subbuf->bound = subbuf->base + length - 1;
-- if (subbuf->bound > buf->bound)
-- return ASN1_OVERRUN;
- } else /* constructed indefinite */
- subbuf->bound = buf->bound;
- return 0;
-@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len,
- {
- int i;
-
-+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
- if (len == 0) {
- *s = 0;
-@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len,
- {
- int i;
-
-+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
- if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
- if (len == 0) {
- *s = 0;
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-16 19:55:28 +0000