diff options
Diffstat (limited to 'staging/krb5/CVE-2011-0285.patch')
-rw-r--r-- | staging/krb5/CVE-2011-0285.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/staging/krb5/CVE-2011-0285.patch b/staging/krb5/CVE-2011-0285.patch deleted file mode 100644 index 61039113f..000000000 --- a/staging/krb5/CVE-2011-0285.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index 1124445..0056885 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -52,6 +52,7 @@ process_chpw_request(context, server_handle, realm, keytab, - - ret = 0; - rep->length = 0; -+ rep->data = NULL; - - auth_context = NULL; - changepw = NULL; -@@ -76,8 +77,13 @@ process_chpw_request(context, server_handle, realm, keytab, - plen = (*ptr++ & 0xff); - plen = (plen<<8) | (*ptr++ & 0xff); - -- if (plen != req->length) -- return(KRB5KRB_AP_ERR_MODIFIED); -+ if (plen != req->length) { -+ ret = KRB5KRB_AP_ERR_MODIFIED; -+ numresult = KRB5_KPASSWD_MALFORMED; -+ strlcpy(strresult, "Request length was inconsistent", -+ sizeof(strresult)); -+ goto chpwfail; -+ } - - /* verify version number */ - -@@ -531,6 +537,10 @@ cleanup: - if (local_kaddrs != NULL) - krb5_free_addresses(server_handle->context, local_kaddrs); - -+ if ((*response)->data == NULL) { -+ free(*response); -+ *response = NULL; -+ } - krb5_kt_close(server_handle->context, kt); - - return ret; |