author: Assar Westerlund <assar@FreeBSD.org> 2002-10-22 03:43:30 +0000
committer: Assar Westerlund <assar@FreeBSD.org> 2002-10-22 03:43:30 +0000
commit: 739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4 (patch)
tree: 72a00c3c76489826910b918d3d048baefcce2662
parent: bfa4d536d2d3e0d3891800c20dab968b7c9e155c (diff)
download: src-test2-739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4.tar.gz
src-test2-739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
index 9dec87cd46bc..f4c6b0842045 100644
--- a/crypto/heimdal/kadmin/version4.c
+++ b/crypto/heimdal/kadmin/version4.c
@@ -41,7 +41,7 @@
 #include <krb_err.h>
 #include <kadm_err.h>
 
-RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $");
+RCSID("$Id: version4.c,v 1.27 2002/10/21 12:35:07 joda Exp $");
 
 #define KADM_NO_OPCODE -1
 #define KADM_NO_ENCRYPT -2
@@ -822,6 +822,13 @@ decode_packet(krb5_context context,
     off += _krb5_get_int(msg + off, &rlen, 4);
     memset(&authent, 0, sizeof(authent));
     authent.length = message.length - rlen - KADM_VERSIZE - 4;
+
+    if(authent.length >= MAX_KTXT_LEN) {
+	krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
+	make_you_loose_packet (KADM_LENGTH_ERROR, reply);
+	return;
+    }
+
     memcpy(authent.dat, (char*)msg + off, authent.length);
     off += authent.length;
author	Assar Westerlund <assar@FreeBSD.org>	2002-10-22 03:43:30 +0000
committer	Assar Westerlund <assar@FreeBSD.org>	2002-10-22 03:43:30 +0000
commit	739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4 (patch)
tree	72a00c3c76489826910b918d3d048baefcce2662
parent	bfa4d536d2d3e0d3891800c20dab968b7c9e155c (diff)
download	src-test2-739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4.tar.gz src-test2-739d290a6c0e8dd0d93c8ef4ab4836c95dbd70d4.zip