merge fix from vendor for removing buffer overrun

author: assar <assar@FreeBSD.org> 2000-12-10 21:00:35 +0000
committer: assar <assar@FreeBSD.org> 2000-12-10 21:00:35 +0000
commit: 32ce969d51756de86d53a1779b7fd3c5e8102afc (patch)
tree: 6a500bb940c38754eefa80c7ec7825fdcb3a5487 /crypto
parent: 2fe34f87efd142240e7e03443d7b63f79e6cd8ca (diff)
download: FreeBSD-src-32ce969d51756de86d53a1779b7fd3c5e8102afc.zip
FreeBSD-src-32ce969d51756de86d53a1779b7fd3c5e8102afc.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index 7a069e4..2c940ec 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -121,6 +121,9 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
     p += krb_get_int(p, &exp_date, 4, little_endian);
     p++; /* master key version number */
     p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+	return INTK_PROT;
+
     cip->length = clen;
     memcpy(cip->dat, p, clen);
     p += clen;
author	assar <assar@FreeBSD.org>	2000-12-10 21:00:35 +0000
committer	assar <assar@FreeBSD.org>	2000-12-10 21:00:35 +0000
commit	32ce969d51756de86d53a1779b7fd3c5e8102afc (patch)
tree	6a500bb940c38754eefa80c7ec7825fdcb3a5487 /crypto
parent	2fe34f87efd142240e7e03443d7b63f79e6cd8ca (diff)
download	FreeBSD-src-32ce969d51756de86d53a1779b7fd3c5e8102afc.zip FreeBSD-src-32ce969d51756de86d53a1779b7fd3c5e8102afc.tar.gz