Fix CVE-2020-10595:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595
Patch copied from upstream advisory:
https://seclists.org/oss-sec/2020/q1/128
diff --git a/prompting.c b/prompting.c
index e985d95..d81054f 100644
--- a/prompting.c
+++ b/prompting.c
@@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name,
/*
* Reuse pam_prompts as a starting index and copy the data into the reply
* area of the krb5_prompt structs.
*/
pam_prompts = 0;
if (name != NULL && !args->silent)
pam_prompts++;
if (banner != NULL && !args->silent)
pam_prompts++;
for (i = 0; i < num_prompts; i++, pam_prompts++) {
- size_t len;
+ size_t len, allowed;
if (resp[pam_prompts].resp == NULL)
goto cleanup;
len = strlen(resp[pam_prompts].resp);
- if (len > prompts[i].reply->length)
+ allowed = prompts[i].reply->length;
+ if (allowed == 0 || len > allowed - 1)
goto cleanup;
/*
* The trailing nul is not included in length, but other applications
* expect it to be there. Therefore, we copy one more byte than the
* actual length of the password, but set length to just the length of
* the password.
*/
memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1);
prompts[i].reply->length = (unsigned int) len;
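Review bot: The new bound `if (allowed == 0 || len > allowed - 1)` carries no comment explaining why the limit is `allowed - 1`, and the existing comment under it only explains the extra byte copied by `memcpy`. Suggest a short comment above the check stating that `prompts[i].reply->length` is treated as the size of the reply buffer on entry, so a response fits only when `len + 1 <= allowed`, and that the `allowed == 0` test is there to keep `allowed - 1` from wrapping, since `allowed` is a `size_t`. A regression test that supplies a response of exactly `allowed` bytes would pin the boundary: the removed check `len > prompts[i].reply->length` let that length through, and `memcpy(..., len + 1)` then wrote one byte more than that size.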
Age | Commit message | Author |
2020-12-15 | nar: Deduplicate files right as they are restored....This avoids having to traverse and re-read the files that we have just
restored, thereby reducing I/O.
* guix/serialization.scm (dump-file): New procedure.
(restore-file): Add #:dump-file parameter and honor it.
* guix/store/deduplication.scm (tee, dump-file/deduplicate): New
procedures.
* guix/nar.scm (restore-one-item): Pass #:dump-file to 'restore-file'.
(finalize-store-file): Pass #:deduplicate? #f to 'register-items'.
* tests/nar.scm <top level>: Call 'setenv' to set "NIX_STORE".
| Ludovic Courtès |
2020-12-15 | serialization: 'restore-file' sets canonical timestamp and permissions....* guix/serialization.scm (restore-file): Set the permissions and mtime
of FILE.
* guix/nar.scm (finalize-store-file): Pass #:reset-timestamps? #f to
'register-items'.
* tests/nar.scm (rm-rf): Add 'chmod' calls to ensure files are writable.
("write-file + restore-file with symlinks"): Ensure every file in OUTPUT
passes 'canonical-file?'.
* tests/guix-archive.sh: Run "chmod -R +w" before "rm -rf".
| Ludovic Courtès |
2020-12-15 | serialization: 'fold-archive' notifies about directory processing completion....* guix/serialization.scm (fold-archive): Call PROC with a
'directory-complete tag when done with a directory.
(restore-file): Handle it.
* guix/scripts/archive.scm (list-contents): Likewise.
* guix/scripts/challenge.scm (archive-contents): Likewise.
* tests/nar.scm ("write-file-tree + fold-archive"): Adjust accordingly.
| Ludovic Courtès |