Date: Fri, 27 Jan 2012 18:21:40 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org Subject: svn commit: r230621 - in stable/6: contrib/telnet/libtelnet crypto/heimdal/appl/telnet/libtelnet Message-ID: <201201271821.q0RILe7G051277@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Fri Jan 27 18:21:40 2012 New Revision: 230621 URL: http://svn.freebsd.org/changeset/base/230621 Log: MFC r228843: Fix a buffer overflow in telnetd. [11:08] Modified: stable/6/contrib/telnet/libtelnet/encrypt.c stable/6/crypto/heimdal/appl/telnet/libtelnet/encrypt.c Directory Properties: stable/6/contrib/telnet/ (props changed) stable/6/crypto/heimdal/ (props changed) Modified: stable/6/contrib/telnet/libtelnet/encrypt.c ============================================================================== --- stable/6/contrib/telnet/libtelnet/encrypt.c Fri Jan 27 17:39:02 2012 (r230620) +++ stable/6/contrib/telnet/libtelnet/encrypt.c Fri Jan 27 18:21:40 2012 (r230621) @@ -721,6 +721,9 @@ encrypt_keyid(struct key_info *kp, unsig int dir = kp->dir; int ret = 0; + if (len > MAXKEYLEN) + len = MAXKEYLEN; + if (!(ep = (*kp->getcrypt)(*kp->modep))) { if (len == 0) return; Modified: stable/6/crypto/heimdal/appl/telnet/libtelnet/encrypt.c ============================================================================== --- stable/6/crypto/heimdal/appl/telnet/libtelnet/encrypt.c Fri Jan 27 17:39:02 2012 (r230620) +++ stable/6/crypto/heimdal/appl/telnet/libtelnet/encrypt.c Fri Jan 27 18:21:40 2012 (r230621) @@ -736,6 +736,9 @@ encrypt_keyid(struct key_info *kp, unsig int dir = kp->dir; int ret = 0; + if (len > MAXKEYLEN) + len = MAXKEYLEN; + if (!(ep = (*kp->getcrypt)(*kp->modep))) { if (len == 0) return;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201271821.q0RILe7G051277>