Fix CVE-2020-10595: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595 Patch copied from upstream advisory: https://seclists.org/oss-sec/2020/q1/128 diff --git a/prompting.c b/prompting.c index e985d95..d81054f 100644 --- a/prompting.c +++ b/prompting.c @@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name, /* * Reuse pam_prompts as a starting index and copy the data into the reply * area of the krb5_prompt structs. */ pam_prompts = 0; if (name != NULL && !args->silent) pam_prompts++; if (banner != NULL && !args->silent) pam_prompts++; for (i = 0; i < num_prompts; i++, pam_prompts++) { - size_t len; + size_t len, allowed; if (resp[pam_prompts].resp == NULL) goto cleanup; len = strlen(resp[pam_prompts].resp); - if (len > prompts[i].reply->length) + allowed = prompts[i].reply->length; + if (allowed == 0 || len > allowed - 1) goto cleanup; /* * The trailing nul is not included in length, but other applications * expect it to be there. Therefore, we copy one more byte than the * actual length of the password, but set length to just the length of * the password. */ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1); prompts[i].reply->length = (unsigned int) len; 3241cccb80ff9056ed0c087a3bef4b0327'>diff
path: root/gnu/services/avahi.scm
AgeCommit message (Expand)Author
2020-01-19gnu: Use HTTPS for avahi.org everywhere....* gnu/packages/avahi.scm (avahi)[home-page]: Use HTTPS. * gnu/services/avahi.scm (avahi-service): Likewise in docstring. Tobias Geerinckx-Rice
2019-01-16services: avahi: Deprecate the 'avahi-service' procedure....* gnu/services/avahi.scm (<avahi-configuration>): Export getters. Add default values. (avahi-service-type)[default-value]: New field. (avahi-service): Mark as deprecated. * gnu/services/desktop.scm (%desktop-services): Use the 'service' form instead of calling 'avahi-service'. * gnu/tests/base.scm (%avahi-os): Likewise. * doc/guix.texi (Base Services): Adjust example accordingly. (Networking Services): Update accordingly. Ludovic Courtès
2018-02-19services: avahi: Publish '_workstation._tcp' by default....This reverts to the behavior of avahi-daemon prior to Avahi 0.7 (commit 550f4509acf2c0f67882260414b0bb2843e07465). * gnu/services/avahi.scm (<avahi-configuration>)[publish-workstation?]: New field. (configuration-file): Honor it. Ludovic Courtès
2018-02-19services: avahi: Read PID file from /run....* gnu/services/avahi.scm (%avahi-activation, avahi-shepherd-service): Use /run/avahi-daemon/ instead of /var/run/avahi-daemon/. This was the case since the switch to Avahi 0.7 (commit 550f4509acf2c0f67882260414b0bb2843e07465). Ludovic Courtès
2018-02-15gnu: nss-mdns: Update to 0.12.0....* gnu/packages/avahi.scm (nss-mdns): Update to 0.12 + patch. (nss-mdns-0.10.0): Remove. * gnu/services/avahi.scm (avahi-service-type): Use NSS-MDNS again. Ludovic Courtès
2018-02-09services: avahi: Default to nss-mdns 0.10....This works around <https://bugs.gnu.org/30396>. Reported by George myglc2 Clemmer <myglc2@gmail.com>. * gnu/packages/avahi.scm (nss-mdns-0.10): New variable. * gnu/services/avahi.scm (avahi-service-type): Use it. Ludovic Courtès
2017-11-05services: Add 'description' fields....* gnu/services/admin.scm (rottlog-service-type) (tailon-service-type): Add 'description' field. * gnu/services/audio.scm (mpd-service-type): Likewise. * gnu/services/avahi.scm (avahi-service-type): Likewise. * gnu/services/ssh.scm (lsh-service-type) (openssh-service-type, dropbear-service-type): Likewise. Ludovic Courtès