Correct a heap buffer overflow in k5admind(8) when built with Kerberos

IV support.

Obtained from:	Heimdal CVS
Approved by:	so

3 files changed, 6 insertions, 1 deletions

diff --git a/UPDATING b/UPDATING
index 71d46cc7b8fa..7ab9fea7c224 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch.  For those
 updates that don't have an advisory, or to be safe, you can do a full
 build and install as described in the COMMON ITEMS section.
 
+20040505:	p20	FreeBSD-SA-04:09.kadmind
+	Correct a heap buffer overflow in k5admind's Kerberos IV support.
+
 20040505:	p19	FreeBSD-SA-04:08.heimdal
 	Correctly validate the transited field in Kerberos tickets.
 
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
index 466ec3a4f852..a61ef314d01f 100644
--- a/crypto/heimdal/kadmin/version4.c
+++ b/crypto/heimdal/kadmin/version4.c
@@ -964,6 +964,8 @@ handle_v4(krb5_context context,
 	if(term_flag)
 	    exit(0);
 	if(first) {
+	    if (len < 2)
+		krb5_errx(context, 1, "received too short len (%d < 2)", len);
 	    /* first time around, we have already read len, and two
                bytes of the version string */
 	    krb5_data_alloc(&message, len);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 5c3e21825b07..06c6d97a2923 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
 
 TYPE="FreeBSD"
 REVISION="4.8"
-BRANCH="RELEASE-p19"
+BRANCH="RELEASE-p20"
 RELEASE="${REVISION}-${BRANCH}"
 VERSION="${TYPE} ${RELEASE}"