diff options
Diffstat (limited to '')
-rw-r--r-- | patches/source/subversion/subversion.CVE-2016-2167.diff | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/patches/source/subversion/subversion.CVE-2016-2167.diff b/patches/source/subversion/subversion.CVE-2016-2167.diff new file mode 100644 index 000000000..891cc59aa --- /dev/null +++ b/patches/source/subversion/subversion.CVE-2016-2167.diff @@ -0,0 +1,11 @@ +--- ./subversion/svnserve/cyrus_auth.c.orig 2014-01-26 22:04:31.000000000 -0600 ++++ ./subversion/svnserve/cyrus_auth.c 2016-04-30 15:00:31.936038054 -0500 +@@ -73,6 +73,8 @@ + { + /* The only valid realm is user_realm (i.e. the repository's realm). + If the user gave us another realm, complain. */ ++ if (realm_len != inlen-(pos-in+1)) ++ return SASL_BADPROT; + if (strncmp(pos+1, user_realm, inlen-(pos-in+1)) != 0) + return SASL_BADPROT; + } |