head 1.1; access; symbols pkgsrc-2013Q2:1.1.0.36 pkgsrc-2013Q2-base:1.1 pkgsrc-2012Q4:1.1.0.34 pkgsrc-2012Q4-base:1.1 pkgsrc-2011Q4:1.1.0.32 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q2:1.1.0.30 pkgsrc-2011Q2-base:1.1 pkgsrc-2009Q4:1.1.0.28 pkgsrc-2009Q4-base:1.1 pkgsrc-2008Q4:1.1.0.26 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.24 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.22 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.20 pkgsrc-2008Q2-base:1.1 pkgsrc-2008Q1:1.1.0.18 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.16 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.14 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.12 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.10 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.8 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.6 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.4 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.1 date 2006.04.18.23.25.03; author salo; state dead; branches 1.1.2.1; next ; 1.1.2.1 date 2006.04.18.23.25.03; author salo; state Exp; branches; next ; desc @@ 1.1 log @file patch-za was initially added on branch pkgsrc-2006Q1. @ text @@ 1.1.2.1 log @Pullup ticket 1407 - requested by jlam security fix for cy2-digestmd5 Updated via patch provided by the submitter. Fixes denial of service vulnerability described in CVE-2006-1721. @ text @a0 14 $NetBSD$
--- plugins/digestmd5.c.orig 2004-07-29 15:21:57.000000000 -0400
+++ plugins/digestmd5.c
@@@@ -2242,7 +2242,8 @@@@ static int digestmd5_server_mech_step2(s
 }

 /* Sanity check the parameters */
- if (strcmp(realm, text->realm) != 0) {
+ if (((realm != NULL) && (strcmp(realm, text->realm) != 0)) &&
+ (text->realm[0] != 0)) {
 SETERROR(sparams->utils,
 "realm changed: authentication aborted");
 result = SASL_BADAUTH;
@
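Review bot: In the rewritten sanity check, a client that omits the realm directive (`realm == NULL`) makes the whole condition false, so the "realm changed" rejection is skipped even when `text->realm` is non-empty; the NULL dereference in `strcmp` is gone, but the comparison is bypassed rather than decided. RFC 2831 treats a missing realm as the empty string, so if that bypass is not intended the check could read `if ((strcmp(realm ? realm : "", text->realm) != 0) && (text->realm[0] != 0)) {`. I would also add a comment above it such as `/* realm is NULL when the client omitted the directive (CVE-2006-1721) */` so the guard is not simplified away later. The body of digestmd5_server_mech_step2 continues outside the hunk, so any later use of `realm` there should be confirmed to tolerate NULL as well.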