rpms/krb5/devel CVE-2007-3999-2.patch,NONE,1.1

[Nalin Somabhai Dahyabhai (nalin)]

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16656

Added Files:
	CVE-2007-3999-2.patch 
Log Message:
- incorporate updated fix for CVE-2007-3999


CVE-2007-3999-2.patch:

--- NEW FILE CVE-2007-3999-2.patch ---
*** src/lib/rpc/svc_auth_gss.c	(revision 20474)
--- src/lib/rpc/svc_auth_gss.c	(local)
***************
*** 355,360 ****
--- 355,369 ----
  	memset(rpchdr, 0, sizeof(rpchdr));
  
  	/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
+ 	oa = &msg->rm_call.cb_cred;
+ 	if (oa->oa_length > MAX_AUTH_BYTES)
+ 		return (FALSE);
+ 
+ 	/* 8 XDR units from the IXDR macro calls. */
+ 	if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
+ 			      RNDUP(oa->oa_length)))
+ 		return (FALSE);
+ 
  	buf = (int32_t *)(void *)rpchdr;
  	IXDR_PUT_LONG(buf, msg->rm_xid);
  	IXDR_PUT_ENUM(buf, msg->rm_direction);
***************
*** 362,368 ****
  	IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
  	IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
  	IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
- 	oa = &msg->rm_call.cb_cred;
  	IXDR_PUT_ENUM(buf, oa->oa_flavor);
  	IXDR_PUT_LONG(buf, oa->oa_length);
  	if (oa->oa_length) {
--- 371,376 ----