diff options
author | Assar Westerlund <assar@FreeBSD.org> | 2002-10-22 02:13:32 +0000 |
---|---|---|
committer | Assar Westerlund <assar@FreeBSD.org> | 2002-10-22 02:13:32 +0000 |
commit | 5ead950622ac8fcd1e64e19ac09cfc7ddbcf41bc (patch) | |
tree | a6b0a4de13fdebc743f637901369efa0cc711663 | |
parent | 1b3f4135a5c886e8074aaf00f713a106a724683c (diff) | |
download | src-test2-5ead950622ac8fcd1e64e19ac09cfc7ddbcf41bc.tar.gz src-test2-5ead950622ac8fcd1e64e19ac09cfc7ddbcf41bc.zip |
import 1.27 to fix buffer overflow:
check size of rlen
Obtained from: Heimdal CVS
Notes
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=105672
-rw-r--r-- | crypto/heimdal/kadmin/version4.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c index 9dec87cd46bc..f4c6b0842045 100644 --- a/crypto/heimdal/kadmin/version4.c +++ b/crypto/heimdal/kadmin/version4.c @@ -41,7 +41,7 @@ #include <krb_err.h> #include <kadm_err.h> -RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $"); +RCSID("$Id: version4.c,v 1.27 2002/10/21 12:35:07 joda Exp $"); #define KADM_NO_OPCODE -1 #define KADM_NO_ENCRYPT -2 @@ -822,6 +822,13 @@ decode_packet(krb5_context context, off += _krb5_get_int(msg + off, &rlen, 4); memset(&authent, 0, sizeof(authent)); authent.length = message.length - rlen - KADM_VERSIZE - 4; + + if(authent.length >= MAX_KTXT_LEN) { + krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen); + make_you_loose_packet (KADM_LENGTH_ERROR, reply); + return; + } + memcpy(authent.dat, (char*)msg + off, authent.length); off += authent.length; |