From 931cb52294961d191971fd25f0411af3c7e56a00 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Wed, 28 Dec 2011 17:50:30 -0600
Subject: [PATCH] Fix CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in
 telnetd

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
    http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
    http://security.freebsd.org/patches/SA-11:08/telnetd.patch
---
 appl/telnet/libtelnet/encrypt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/appl/telnet/libtelnet/encrypt.c b/appl/telnet/libtelnet/encrypt.c
index 68e8bd686..58e081d42 100644
--- a/appl/telnet/libtelnet/encrypt.c
+++ b/appl/telnet/libtelnet/encrypt.c
@@ -736,6 +736,9 @@ encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
     int dir = kp->dir;
     int ret = 0;
 
+    if (len > MAXKEYLEN)
+	len = MAXKEYLEN;
+
     if (!(ep = (*kp->getcrypt)(*kp->modep))) {
 	if (len == 0)
 	    return;
-- 
2.11.4.GIT