--- krb5-1.5.2/src/lib/rpc/svc_auth_gss.c.cve-2007-3999 2004-09-17 15:52:12.000000000 -0600
+++ krb5-1.5.2/src/lib/rpc/svc_auth_gss.c 2007-09-05 09:28:40.000000000 -0600
@@ -365,7 +365,7 @@ svcauth_gss_validate(struct svc_req *rqs
oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
- if (oa->oa_length) {
+ if (oa->oa_length && oa->oa_length <= sizeof(rpchdr)) {
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
buf += RNDUP(oa->oa_length) / sizeof(int32_t);
}
--- krb5-1.5.2/src/lib/kadm5/srv/svr_policy.c.cve-2007-3999 2007-09-05 09:31:24.000000000 -0600
+++ krb5-1.5.2/src/lib/kadm5/srv/svr_policy.c 2007-09-05 09:33:40.000000000 -0600
@@ -211,8 +211,9 @@ kadm5_modify_policy_internal(void *serve
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
- ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
- if( ret && (cnt==0) )
+ if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
+ return ret;
+ if (cnt != 1)
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
distrib
>
Mandriva
>
2007.1
>
i586
>
media
>
main-updates-src
>
by-pkgid
>
3c9e0ed8c60f7b391e22a93a6373fe5e
>
files
>
29
