Here is a patch extracted from DSA-1247-1:
--- libapache-mod-auth-kerb-4.996-5.0-rc6.orig/spnegokrb5/der_get.c +++ libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c @@ -151,7 +151,7 @@ if (len < 1) return ASN1_OVERRUN;
- data->components = malloc(len * sizeof(*data->components)); + data->components = malloc((len + 1) * sizeof(*data->components)); if (data->components == NULL && len != 0) return ENOMEM; data->components[0] = (*p) / 40;
Here is a patch extracted from DSA-1247-1:
--- libapache- mod-auth- kerb-4. 996-5.0- rc6.orig/ spnegokrb5/ der_get. c mod-auth- kerb-4. 996-5.0- rc6/spnegokrb5/ der_get. c
+++ libapache-
@@ -151,7 +151,7 @@
if (len < 1)
return ASN1_OVERRUN;
- data->components = malloc(len * sizeof( *data-> components) ); *data-> components) ); >components[ 0] = (*p) / 40;
+ data->components = malloc((len + 1) * sizeof(
if (data->components == NULL && len != 0)
return ENOMEM;
data-