projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f547d0) | patch
fix CVE-2007-3999 svc_auth_gss.c buffer overflow
authorTom Yu <tlyu@mit.edu>
Tue, 4 Sep 2007 18:52:56 +0000 (18:52 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 4 Sep 2007 18:52:56 +0000 (18:52 +0000)
commitd9d289e5519303478acf1853a89a3e0fbf170463
tree4b8c30b10607039a7282576e83e79efeb7000fc3tree | snapshot
parent8f547d08883c960887cf0bd136c5425a9aadccb0commit | diff
fix CVE-2007-3999 svc_auth_gss.c buffer overflow

Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.

ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/rpc/svc_auth_gss.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.