mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/third_party
Joseph Sutton d12bd2cd50 CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-25 10:31:34 +00:00
aesni-intel lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC 2019-12-10 20:30:57 +00:00
cmocka third_party:cmocka: Fix build when used in lib/tevent 2021-07-07 05:07:30 +00:00
gpfs third_party: Update gpfs.h to 5.0.5.3 version 2020-10-05 20:06:04 +00:00
heimdal CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech() 2022-10-25 10:31:34 +00:00
heimdal_build CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem 2022-10-25 10:31:33 +00:00
nss_wrapper third_party: Update nss_wraper to version 1.1.12 2022-06-24 22:29:33 +00:00
pam_wrapper third_party: Update pam_wrapper to version 1.1.4 2021-10-28 19:03:04 +00:00
popt third_party/popt/wscript: update to handle waf 2.0.4 2018-09-05 06:37:24 +02:00
resolv_wrapper waf: Fix resolv_wrapper with glibc 2.34 2021-11-05 11:44:30 +00:00
socket_wrapper third_party: Update socket_wrapper to version 1.3.4 2022-07-22 04:36:30 +00:00
uid_wrapper third_party: Link uid_wrapper against pthread 2019-09-25 15:39:40 +00:00
waf third_party: Reformat shell scripts 2022-08-10 14:14:04 +00:00
update.sh third_party: Reformat shell scripts 2022-08-10 14:14:04 +00:00
wscript third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher 2022-04-04 19:31:28 +00:00