Fix CVE-2020-10595: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595 Patch copied from upstream advisory: https://seclists.org/oss-sec/2020/q1/128 diff --git a/prompting.c b/prompting.c index e985d95..d81054f 100644 --- a/prompting.c +++ b/prompting.c @@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name, /* * Reuse pam_prompts as a starting index and copy the data into the reply * area of the krb5_prompt structs. */ pam_prompts = 0; if (name != NULL && !args->silent) pam_prompts++; if (banner != NULL && !args->silent) pam_prompts++; for (i = 0; i < num_prompts; i++, pam_prompts++) { - size_t len; + size_t len, allowed; if (resp[pam_prompts].resp == NULL) goto cleanup; len = strlen(resp[pam_prompts].resp); - if (len > prompts[i].reply->length) + allowed = prompts[i].reply->length; + if (allowed == 0 || len > allowed - 1) goto cleanup; /* * The trailing nul is not included in length, but other applications * expect it to be there. Therefore, we copy one more byte than the * actual length of the password, but set length to just the length of * the password. */ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1); prompts[i].reply->length = (unsigned int) len;
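Review bot: The new bounds test inside the for loop, `if (allowed == 0 || len > allowed - 1)`, can be written as the single comparison `if (len >= allowed)`, which is equivalent for unsigned values and removes the special case that exists only to keep `allowed - 1` from wrapping. The comment above the memcpy still explains only why len + 1 bytes are copied; it should also say that prompts[i].reply->length holds the capacity of the reply buffer on entry, since that is the reason the check has to leave room for the trailing nul. Both exits through `goto cleanup` abandon the prompt without any visible diagnostic in these lines, so an over-long response is indistinguishable from a NULL response; a debug log at the length check would help when triaging authentication failures.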
path: root/doc/images
Age | Commit message | Author

2024-04-14 | doc: Use "dejavu sans" instead of "Helvetica" or "sans" in dot images. | Janneke Nieuwenhuizen
    Font-dejavu is (now) an input of fontconfig. Specifying "dejavu sans" makes generated images reproducible even when other fonts are installed (notably font-google-noto).
    * doc/images/bootstrap-graph.dot, doc/images/bootstrap-packages.dot, doc/images/coreutils-bag-graph.dot, doc/images/coreutils-graph.dot, doc/images/gcc-core-mesboot0-graph.dot, doc/images/service-graph.dot, doc/images/shepherd-graph.dot: Use fontname = "dejavu sans".
    * doc/guix.texi (Full-Source Bootstrap): Update gcc-core-mesboot0.dot recipe accordingly.
    Change-Id: If21d7d39d45c66de5bceafb7b825a057d540ee50

2022-05-12 | doc: Add the "Full-source Bootstrap". | Jan (janneke) Nieuwenhuizen
    * doc/guix.texi (Reduced Binary Seed Bootstrap): Update and rename to... (Full-Source Bootstrap): ...this.
    * doc/images/gcc-core-mesboot0-graph.dot: Regenerate.

2020-05-22 | doc: Update 'Bootstrapping' for further binary seed reduction. | Jan Nieuwenhuizen
    * doc/images/gcc-core-mesboot0-graph.dot: New image, replacing
    * doc/images/gcc-mesboot0-bag-graph.dot: ... remove file.
    * doc/local.mk (DOT_FILES): Update for new image file.
    * doc/guix.texi (Reduced Binary Seed Bootstrap): Use it in updated description of further reduction of the trusted computing base.

2019-03-14 | Merge branch 'staging' into core-updates | Marius Bakke

2019-03-13 | doc: Document the graphical installer some more. | Ludovic Courtès
    * doc/guix.texi (Preparing for Installation): Rewrite to specify the two installation modes. (Guided Graphical Installation): New node. (Manual Installation): New node, with the former sections. (After System Installation): New node.
    * doc/images/installer-network.png, doc/images/installer-partitions.png, doc/images/installer-resume.png: New files.
    * doc/local.mk (dist_infoimage_DATA): Add them.