Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
2025-02-16 13:30:34 +00:00 · 2011-12-23 15:00:37 +00:00 · 2011-12-23 15:00:37 +00:00 · a02488779d
commit a02488779d
parent 24a5c1e093
1 changed files with 3 additions and 0 deletions
--- a/libtelnet/encrypt.c
+++ b/libtelnet/encrypt.c
@ -721,6 +721,9 @@ encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
 	int dir = kp->dir;
 	int ret = 0;

+	if (len > MAXKEYLEN)
+		len = MAXKEYLEN;
+
 	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
 		if (len == 0)
 			return;