pull up r24622 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 9 Feb 2011 20:53:23 +0000 (20:53 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 9 Feb 2011 20:53:23 +0000 (20:53 +0000)
commit04f10ed33a7b9df9371061664c14db2c8fb6e09f
tree6545b8c9640fc548e80d97b88568e051f1f04330
parentd1fd5e55324a6828bccfc6a6051242c8b491fb6b
pull up r24622 from trunk

 ------------------------------------------------------------------------
 r24622 | tlyu | 2011-02-09 15:25:08 -0500 (Wed, 09 Feb 2011) | 10 lines

 ticket: 6860
 subject: KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
 tags: pullup
 target_version: 1.9.1

 [CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
 handling that could cause the KDC to hang or crash.

 [CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.

ticket: 6860
version_fixed: 1.9.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24624 dc483132-0cff-0310-8789-dd5450dbe970
src/kdc/dispatch.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c