tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2011/08/01 19:18:15 

[gss-serv.c]
     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
     report Adam Zabrock; ok djm@, deraadt@
This commit is contained in:
Damien Miller 2011-08-06 06:16:46 +10:00
parent 35e48198a8
commit adb467fb69
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -13,6 +13,10 @@
fail open(2) with EPERM rather than SIGKILLing the whole process. libc fail open(2) with EPERM rather than SIGKILLing the whole process. libc
will call open() to do strerror() when NLS is enabled; will call open() to do strerror() when NLS is enabled;
feedback and ok markus@ feedback and ok markus@
- markus@cvs.openbsd.org 2011/08/01 19:18:15
[gss-serv.c]
prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
report Adam Zabrock; ok djm@, deraadt@
20110624 20110624
- (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for

4
gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ /* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
/* /*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -229,6 +229,8 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
name->length = get_u32(tok+offset); name->length = get_u32(tok+offset);
offset += 4; offset += 4;
if (UINT_MAX - offset < name->length)
return GSS_S_FAILURE;
if (ename->length < offset+name->length) if (ename->length < offset+name->length)
return GSS_S_FAILURE; return GSS_S_FAILURE;