From 32ce969d51756de86d53a1779b7fd3c5e8102afc Mon Sep 17 00:00:00 2001
From: assar <assar@FreeBSD.org>
Date: Sun, 10 Dec 2000 21:00:35 +0000
Subject: merge fix from vendor for removing buffer overrun

---
 crypto/kerberosIV/lib/krb/kdc_reply.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'crypto/kerberosIV')

diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index 7a069e4..2c940ec 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -121,6 +121,9 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
     p += krb_get_int(p, &exp_date, 4, little_endian);
     p++; /* master key version number */
     p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+	return INTK_PROT;
+
     cip->length = clen;
     memcpy(cip->dat, p, clen);
     p += clen;
-- 
cgit v1.1