Subject: pkg/35459: heap overflow in ap-auth-kerb package
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <michael.santos@gmail.com>
List: pkgsrc-bugs
Date: 01/21/2007 16:30:00
>Number:         35459
>Category:       pkg
>Synopsis:       heap overflow in ap-auth-kerb package
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 21 16:30:00 +0000 2007
>Originator:     Michael Santos
>Release:        pkgsrc-2006Q4
>Organization:
>Environment:
pkgsrc-2006Q4
>Description:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989
>How-To-Repeat:

>Fix:
--- spnegokrb5/der_get.c.orig   2007-01-21 11:33:33.000000000 -0500
+++ spnegokrb5/der_get.c        2007-01-21 11:34:08.000000000 -0500
@@ -152,5 +152,5 @@
        return ASN1_OVERRUN;
 
-    data->components = malloc(len * sizeof(*data->components));
+    data->components = malloc((len + 1) * sizeof(*data->components));
     if (data->components == NULL && len != 0)
        return ENOMEM;
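
Review bot: the NULL check on the context line right after the changed malloc still reads "data->components == NULL && len != 0". With the request now (len + 1) elements it is never zero-sized, so a failed allocation when len == 0 falls through instead of returning ENOMEM. Drop the "&& len != 0" clause so that any NULL return is treated as ENOMEM. The "+ 1" also carries no comment saying which extra element it accounts for; a one-line comment at the malloc would keep a later cleanup from reverting it. Finally, nothing visible in this hunk bounds len beyond the ASN1_OVERRUN return above, so check that (len + 1) * sizeof(*data->components) cannot wrap for a large len before it reaches malloc.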


Or upgrade to the newest version (mod_auth_kerb-5.3).