CVE-2009-0844 (1.6.x) SPNEGO can read beyond buffer end
author Tom Yu <tlyu@mit.edu>
Wed, 8 Apr 2009 01:22:51 +0000 (01:22 +0000)
committer Tom Yu <tlyu@mit.edu>
Wed, 8 Apr 2009 01:22:51 +0000 (01:22 +0000)
commit bfe7b5f6a92129e238eae0ef5a41ff19b063f0b9
tree 8afb052a290f23e57eb80a729676cc57723833fa
parent 0817871764e417483afdf005e37f7845b5884db6
CVE-2009-0844 (1.6.x) SPNEGO can read beyond buffer end

pull up rxxxxx from trunk

SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.

Thanks to Apple for reporting this vulnerability and providing
patches.

ticket: 6446
tags: pullup
target_version: 1.6.4
version_fixd: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22179 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/gssapi/spnego/spnego_mech.c
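
The bug class named in the commit message, a claimed DER length larger than the bytes left in the input, is avoided by checking every decoded length against the remaining buffer before it is used. The following is an added example, not the krb5 patch or any code from this commit; `der_read_length`, `check`, `CHECK` and the sample tokens are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical helper (not krb5 code): read a DER length at *pp with
 * *remaining bytes of input left. Returns 0 and advances the cursor, or -1
 * if the length is truncated or claims more bytes than are present. */
static int der_read_length(const unsigned char **pp, size_t *remaining,
                           size_t *out_len)
{
    const unsigned char *p = *pp;
    size_t left = *remaining, len = 0, n;
    if (left < 1)
        return -1;                  /* no length octet at all */
    n = *p++;
    left--;
    if (n & 0x80) {                 /* long form: low 7 bits = octet count */
        n &= 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > left)
            return -1;              /* indefinite, too wide, or truncated */
        while (n--) {
            len = (len << 8) | *p++;
            left--;
        }
    } else {
        len = n;                    /* short form: 0..127 */
    }
    if (len > left)
        return -1;                  /* claimed length runs past the input */
    *pp = p;
    *remaining = left;
    *out_len = len;
    return 0;
}

/* Constructed sample inputs; CHECK yields the accepted length or -1. */
static const unsigned char ok_tok[]    = { 0x03, 'a', 'b', 'c' };
static const unsigned char lying_tok[] = { 0x82, 0x01, 0x00, 'a', 'b' };
static const unsigned char cut_tok[]   = { 0x82, 0x01 };
#define CHECK(a) check((a), sizeof (a))
static long check(const unsigned char *buf, size_t buflen)
{
    size_t len;
    return der_read_length(&buf, &buflen, &len) == 0 ? (long)len : -1;
}

int main(void)
{
    printf("%ld %ld %ld\n", CHECK(ok_tok), CHECK(lying_tok), CHECK(cut_tok));
    return 0;
}
```

The second sample claims 256 content bytes while only two follow, and the third ends partway through its length octets; both are rejected before any content byte is touched.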