git.samba.org
/
metze
/
heimdal
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5ca0569
)
Fix CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd
author
Nicolas Williams
<nico@cryptonector.com>
Wed, 28 Dec 2011 23:50:30 +0000
(17:50 -0600)
committer
Nicolas Williams
<nico@cryptonector.com>
Wed, 28 Dec 2011 23:50:30 +0000
(17:50 -0600)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
appl/telnet/libtelnet/encrypt.c
patch
|
blob
|
history
diff --git
a/appl/telnet/libtelnet/encrypt.c
b/appl/telnet/libtelnet/encrypt.c
index 68e8bd686e816b9a2d0454bca0a564a893f5bbb9..58e081d42897d1b913fff233a09df053b2d2550a 100644
(file)
--- a/
appl/telnet/libtelnet/encrypt.c
+++ b/
appl/telnet/libtelnet/encrypt.c
@@
-736,6
+736,9
@@
encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
int dir = kp->dir;
int ret = 0;
+ if (len > MAXKEYLEN)
+ len = MAXKEYLEN;
+
if (!(ep = (*kp->getcrypt)(*kp->modep))) {
if (len == 0)
return;