pull up r19636 from trunk
authorTom Yu <tlyu@mit.edu>
Tue, 26 Jun 2007 18:29:40 +0000 (18:29 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 26 Jun 2007 18:29:40 +0000 (18:29 +0000)
commitb602c669fdc6ad972272f4f9f73501c5339c5577
tree382a21476de68aa8c2eb855fc50f1a77249af38d
parente10ca0a3d844b5acc99b6cf84a3c5e20199ac3c2
pull up r19636 from trunk

 r19636@cathode-dark-space:  tlyu | 2007-06-26 14:08:20 -0400
 ticket: new
 target_version: 1.6.2
 tags: pullup
 subject: fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]

 CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
 pointer.  This may lead to execution of arbitrary code.

 CVE-2007-2443/VU#365313: The RPC library can write past the end of a
 stack buffer.  This may (but is unlikely to) lead to execution of
 arbitrary code.

ticket: 5585
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19638 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/rpc/svc_auth_gssapi.c
src/lib/rpc/svc_auth_unix.c