Merge from the 5.3 branch (security fix). Tagged as merge_53_src, merge_53_dst, merge...

diff --git a/configure.in b/configure.in
index 1f120b7..96f9330 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
 # Process this file with autoconf to produce a configure script.
 AC_REVISION($Revision$)
 AC_PREREQ(2.57)
-AC_INIT(mod_auth_kerb, 5.2, modauthkerb-developers@lists.sourceforge.net)
+AC_INIT(mod_auth_kerb, 5.3, modauthkerb-developers@lists.sourceforge.net)
 AC_CONFIG_SRCDIR([src/mod_auth_kerb.c])
 AC_CONFIG_HEADER([config.h])
 

diff --git a/spnegokrb5/der_get.c b/spnegokrb5/der_get.c
index a8fbafe..50453d4 100644 (file)
--- a/spnegokrb5/der_get.c
+++ b/spnegokrb5/der_get.c
@@ -151,7 +151,7 @@ der_get_oid (const unsigned char *p, size_t len,
     if (len < 1)
        return ASN1_OVERRUN;
 
-    data->components = malloc(len * sizeof(*data->components));
+    data->components = malloc((len + 1) * sizeof(*data->components));
     if (data->components == NULL && len != 0)
        return ENOMEM;
     data->components[0] = (*p) / 40;

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index c81d16c..e99f366 100644 (file)
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -50,7 +50,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
-#define MODAUTHKERB_VERSION "5.2"
+#define MODAUTHKERB_VERSION "5.3"
 
 #define MECH_NEGOTIATE "Negotiate"
 #define SERVICE_NAME "HTTP"