Red Hat Bugzilla – Attachment 633270 Details for Bug 864566
CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation
[patch] fixes supposed to go out with the security advisory
elinks-bz864566.patch (text/plain), 1.85 KB, created by Kamil Dudka on 2012-10-25 10:53:45 UTC
>From 91f77244e0c43e997bd0f4d5a7fd63800145061d Mon Sep 17 00:00:00 2001 >From: Kamil Dudka <kdudka@redhat.com> >Date: Mon, 22 Oct 2012 15:01:19 +0200 >Subject: [PATCH 1/2] http_negotiate: do not use pointer with incompatible target > >--- > src/protocol/http/http_negotiate.c | 4 +++- > 1 files changed, 3 insertions(+), 1 deletions(-) > >diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c >index 470b071..ca4c15a 100644 >--- a/src/protocol/http/http_negotiate.c >+++ b/src/protocol/http/http_negotiate.c >@@ -142,6 +142,7 @@ http_negotiate_parse_data(unsigned char *data, int type, > { > int len = 0; > unsigned char *end; >+ int token_length; > > if (data == NULL || *data == '\0') > return 0; >@@ -170,11 +171,12 @@ http_negotiate_parse_data(unsigned char *data, int type, > if (!len) > return 0; > >- token->value = (void *) base64_decode_bin(data, len, &token->length); >+ token->value = (void *) base64_decode_bin(data, len, &token_length); > > if (!token->value) > return -1; > >+ token->length = token_length; > return 0; > } > >-- >1.7.1 > > >From 5b66493148fc734c230f6bb930e3a30e69e27ea1 Mon Sep 17 00:00:00 2001 >From: Kamil Dudka <kdudka@redhat.com> >Date: Tue, 9 Oct 2012 13:01:56 +0200 >Subject: [PATCH 2/2] http_negotiate: do not delegate GSSAPI credentials > >Reported by Marko Myllynen. >--- > src/protocol/http/http_negotiate.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c >index ca4c15a..08d6970 100644 >--- a/src/protocol/http/http_negotiate.c >+++ b/src/protocol/http/http_negotiate.c >@@ -190,7 +190,7 @@ http_negotiate_create_context(struct negotiate *neg) > &neg->context, > neg->server_name, > GSS_C_NO_OID, >- GSS_C_DELEG_FLAG, >+ 0, > 0, > GSS_C_NO_CHANNEL_BINDINGS, > &neg->input_token, >-- >1.7.1 >
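Review bot: In the first hunk of patch 1/2 (@@ -142, http_negotiate_parse_data), the new `int token_length;` is declared without an initial value, and the commit message has no body saying which two types were incompatible. Initialising it (`int token_length = 0;`) keeps the later copy into token->length defined even if base64_decode_bin() were ever to return a buffer without writing the length. One sentence in the message naming the type of token->length and the pointer type the decoder expects would let a reader confirm the fix without opening the headers.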
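Review bot: In the second hunk of patch 1/2 (@@ -170), `token->length = token_length;` copies a signed int into token->length with no range check. If token->length is an unsigned or wider type, which the subject line's "incompatible target" suggests, a negative token_length would turn into a very large buffer length for whatever consumes the token afterwards. Consider rejecting `token_length < 0` next to the existing `!token->value` test, releasing the decoded buffer before returning -1.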
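Review bot: In the only hunk of patch 2/2 (@@ -190, http_negotiate_create_context), the replacement leaves two consecutive bare `0,` arguments, so nothing at the call site says that the first one is the request-flags slot and that it is deliberately empty. A short comment such as `0, /* req_flags: never request credential delegation */` would make it harder for a later change to put GSS_C_DELEG_FLAG back by accident. The commit message also only says "Reported by Marko Myllynen."; adding the bug number (864566) and CVE-2012-4545 would tie the one-line change to the advisory it is meant to ship with.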
Attachments on bug 864566: 624175 | 632061 | 633270 | 635073 | 635074