This patch fixes a buffer overrun in libkrb.

Apply by doing:
      cd /usr/src
      patch -p0 < 009_kerberos2.patch

And rebuild libkrb by doing:
      cd kerberosIV/lib/krb
      make obj
      make
      make install

Since all 2.8 architectures use shared libraries, this fix does not
require recompilation of binaries.  For the change to take effect, it may
be necessary to reboot the system, so that any utilities using libkrb
which are currently running will restart.

Index: kerberosIV/src/lib/krb/kdc_reply.c
===================================================================
RCS file: /cvs/src/kerberosIV/src/lib/krb/kdc_reply.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.3
diff -u -w -r1.1.1.2 -r1.1.1.3
--- kerberosIV/src/lib/krb/kdc_reply.c	2000/07/11 09:06:40	1.1.1.2
+++ kerberosIV/src/lib/krb/kdc_reply.c	2000/12/10 19:05:29	1.1.1.3
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$KTH: kdc_reply.c,v 1.12.2.1 2000/06/23 03:30:42 assar Exp $");
+RCSID("$KTH: kdc_reply.c,v 1.12.2.2 2000/12/04 14:34:28 assar Exp $");
 
 static int little_endian; /* XXX ugly */
 
@@ -124,6 +124,9 @@
     p += krb_get_int(p, &exp_date, 4, little_endian);
     p++; /* master key version number */
     p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+	return INTK_PROT;
+
     cip->length = clen;
     memcpy(cip->dat, p, clen);
     p += clen;
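Review bot: The added guard `if (reply->length - (p - reply->dat) < clen)` bounds only the source side of the `memcpy`, and it relies on mixed-sign arithmetic whose operand types are not visible in this hunk. If `clen` is unsigned and the earlier field parsing has already moved `p` past `reply->length`, the left-hand side goes negative and, on platforms where it is converted to unsigned for the comparison, the check would pass; the capacity of the destination `cip->dat` is not compared with `clen` here either. I would make both bounds explicit: compute `remaining = reply->length - (p - reply->dat)` in a signed type, return `INTK_PROT` when `remaining < 0 || clen > (size_t)remaining`, and (assuming `cip->dat` is a fixed-size array) also when `clen > sizeof(cip->dat)`. The enclosing function starts and ends outside the hunk, so earlier code may already guarantee part of this, which would be worth a one-line comment stating the invariant.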
