Fix CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
    http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
    http://security.freebsd.org/patches/SA-11:08/telnetd.patch

diff --git a/appl/telnet/libtelnet/encrypt.c b/appl/telnet/libtelnet/encrypt.c
index 68e8bd686e816b9a2d0454bca0a564a893f5bbb9..58e081d42897d1b913fff233a09df053b2d2550a 100644 (file)
--- a/appl/telnet/libtelnet/encrypt.c
+++ b/appl/telnet/libtelnet/encrypt.c
@@ -736,6 +736,9 @@ encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
     int dir = kp->dir;
     int ret = 0;
 
+    if (len > MAXKEYLEN)
+       len = MAXKEYLEN;
+
     if (!(ep = (*kp->getcrypt)(*kp->modep))) {
        if (len == 0)
            return;