From a02488779dd899843cd3d91078094858714f2e49 Mon Sep 17 00:00:00 2001 From: cperciva Date: Fri, 23 Dec 2011 15:00:37 +0000 Subject: [PATCH] Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- libtelnet/encrypt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libtelnet/encrypt.c b/libtelnet/encrypt.c index 8bdf672..f8e9194 100644 --- a/libtelnet/encrypt.c +++ b/libtelnet/encrypt.c @@ -721,6 +721,9 @@ encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len) int dir = kp->dir; int ret = 0; + if (len > MAXKEYLEN) + len = MAXKEYLEN; + if (!(ep = (*kp->getcrypt)(*kp->modep))) { if (len == 0) return;
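Review bot: In encrypt_keyid(), the new clamp `if (len > MAXKEYLEN) len = MAXKEYLEN;` bounds only the upper side of `len`, which the signature declares as a signed `int`, so a negative value would pass this check unchanged. Consider handling `len < 0` at the same point, or making the parameter unsigned if no caller needs a signed length. The clamp also silently truncates an over-length key id and continues. The function already returns early on `len == 0` in the visible context, and rejecting an over-length id in the same way would avoid acting on a truncated id. A one-line comment naming the buffer that MAXKEYLEN sizes would help, since the hunk does not show where `len` is later used.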