Copied from Debian.

From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes

---
 crypt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@
     GLOBAL(pInfo->encrypted) = FALSE;
     defer_leftover_input(__G);
     for (n = 0; n < RAND_HEAD_LEN; n++) {
-        b = NEXTBYTE;
+        /* 2012-11-23 SMS.  (OUSPG report.)
+         * Quit early if compressed size < HEAD_LEN.  The resulting
+         * error message ("unable to get password") could be improved,
+         * but it's better than trying to read nonexistent data, and
+         * then continuing with a negative G.csize.  (See
+         * fileio.c:readbyte()).
+         */
+        if ((b = NEXTBYTE) == (ush)EOF)
+        {
+            return PK_ERR;
+        }
         h[n] = (uch)b;
         Trace((stdout, " (%02x)", h[n]));
     }
645d64658e4b7dea8801f5604dfd395a0'>refs</a><a class='active' href='/guix/log/gnu/packages/sssd.scm'>log</a><a href='/guix/tree/gnu/packages/sssd.scm?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>tree</a><a href='/guix/commit/gnu/packages/sssd.scm?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>commit</a><a href='/guix/diff/gnu/packages/sssd.scm?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/sssd.scm'>
<input type='hidden' name='id' value='22530b2645d64658e4b7dea8801f5604dfd395a0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>root</a>/<a href='/guix/log/gnu?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>gnu</a>/<a href='/guix/log/gnu/packages?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>packages</a>/<a href='/guix/log/gnu/packages/sssd.scm?id=22530b2645d64658e4b7dea8801f5604dfd395a0'>sssd.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/sssd.scm?id=22530b2645d64658e4b7dea8801f5604dfd395a0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-07-08 13:52:13 +0100'>2022-07-08</span></td><td><a href='/guix/commit/gnu/packages/sssd.scm?id=a9fd06121240c78071a398dd1e0ddb47553f3809'>gnu: sssd: Update to 2.7.3.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/sssd.scm (sssd): Update to 2.7.3.

Signed-off-by: Christopher Baines &lt;mail@cbaines.net&gt;
</span></span></td><td>Timotej Lazar</td></tr>
<tr><td><span title='2022-05-29 02:00:17 +0200'>2022-05-29</span></td><td><a href='/guix/commit/gnu/packages/sssd.scm?id=29cd7f79461a42a874a4aa1e8b86173c2bc257c6'>gnu: ding-libs: Omit static library.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/sssd.scm (ding-libs)[arguments]:
Add "--disable-static" to #:configure-flags.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2022-05-29 02:00:17 +0200'>2022-05-29</span></td><td><a href='/guix/commit/gnu/packages/sssd.scm?id=748e7de380b1f902051b4b5aad4669932e576207'>gnu: ding-libs: Update to 0.6.2.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/sssd.scm (ding-libs): Update to 0.6.2.
[native-inputs]: Add gettext-minimal.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2022-05-29 02:00:16 +0200'>2022-05-29</span></td><td><a href='/guix/commit/gnu/packages/sssd.scm?id=b00f2728d81bc348528aaed2d1940494df01a6de'>gnu: ding-libs: Build from Git.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/sssd.scm (ding-libs)[source]:
Use GIT-FETCH and GIT-FILE-NAME.
[native-inputs]: Add autoconf, automake, libtool, and pkg-config.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>

Age	Commit message (Expand)	Author
2022-07-08	gnu: sssd: Update to 2.7.3....* gnu/packages/sssd.scm (sssd): Update to 2.7.3. Signed-off-by: Christopher Baines <mail@cbaines.net>	Timotej Lazar
2022-05-29	gnu: ding-libs: Omit static library....* gnu/packages/sssd.scm (ding-libs)[arguments]: Add "--disable-static" to #:configure-flags.	Tobias Geerinckx-Rice
2022-05-29	gnu: ding-libs: Update to 0.6.2....* gnu/packages/sssd.scm (ding-libs): Update to 0.6.2. [native-inputs]: Add gettext-minimal.	Tobias Geerinckx-Rice
2022-05-29	gnu: ding-libs: Build from Git....* gnu/packages/sssd.scm (ding-libs)[source]: Use GIT-FETCH and GIT-FILE-NAME. [native-inputs]: Add autoconf, automake, libtool, and pkg-config.	Tobias Geerinckx-Rice