author | assar <assar@FreeBSD.org> | 2000-12-10 21:00:35 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2000-12-10 21:00:35 +0000 |
commit | 32ce969d51756de86d53a1779b7fd3c5e8102afc (patch) | |
tree | 6a500bb940c38754eefa80c7ec7825fdcb3a5487 /crypto | |
parent | 2fe34f87efd142240e7e03443d7b63f79e6cd8ca (diff) | |
merge fix from vendor for removing buffer overrun
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/kerberosIV/lib/krb/kdc_reply.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index 7a069e4..2c940ec 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -121,6 +121,9 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
 p += krb_get_int(p, &exp_date, 4, little_endian);
 p++; /* master key version number */
 p += krb_get_int(p, &clen, 2, little_endian);
+ if (reply->length - (p - reply->dat) < clen)
+ return INTK_PROT;
+
 cip->length = clen;
 memcpy(cip->dat, p, clen);
 p += clen; |
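Review bot: The new guard `reply->length - (p - reply->dat) < clen` only works while `p` is still inside the reply. If the earlier `krb_get_nir`/`krb_get_int` steps have already advanced `p` past `reply->dat + reply->length`, the subtraction goes negative. The declarations are outside this hunk, but if `clen` is an unsigned 32-bit value, on a 32-bit build that negative value is converted to a large unsigned number, so the test passes and the `memcpy` still runs. The check also bounds only the read side and relies on the caller having kept `reply->length` within the size of `cip->dat`. I would make both limits explicit with `size_t used = p - reply->dat;` followed by `if (used > reply->length || clen > reply->length - used || clen > sizeof(cip->dat)) return INTK_PROT;`, and add a short comment that `clen` comes from the network reply and is untrusted. The body of `kdc_reply_cipher` starts and ends outside the hunk, so the earlier parsing steps should be checked for the same missing bounds.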