authorAssar Westerlund <assar@FreeBSD.org>2000-12-10 21:00:35 +0000
committerAssar Westerlund <assar@FreeBSD.org>2000-12-10 21:00:35 +0000
commit7a7ff9f80d33b1e3d60068aecda75a282e836b81 (patch)
tree6a500bb940c38754eefa80c7ec7825fdcb3a5487
parentfcbc584c3b3186fb9d39b27cfa2c73f110d05dbd (diff)
merge fix from vendor for removing buffer overrun
Notes
Notes: svn path=/vendor-crypto/kerberosIV/dist/; revision=69833
-rw-r--r--crypto/kerberosIV/lib/krb/kdc_reply.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index 7a069e42efd2..2c940eca0a24 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -121,6 +121,9 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
p += krb_get_int(p, &exp_date, 4, little_endian);
p++; /* master key version number */
p += krb_get_int(p, &clen, 2, little_endian);
+ if (reply->length - (p - reply->dat) < clen)
+ return INTK_PROT;
+
cip->length = clen;
memcpy(cip->dat, p, clen);
p += clen;
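Review bot: The added guard `if (reply->length - (p - reply->dat) < clen)` bounds clen only by the bytes left in the reply, and it assumes p has not already advanced past reply->length. The fields just before it are consumed with unchecked `p += ...` steps (visible for exp_date, the key version byte and clen itself), so on a truncated reply the subtraction can go negative or, if the operands are unsigned (the declarations are outside the hunk), wrap to a large value and let the memcpy run. I would check the consumed offset first and bound clen by the destination too, e.g. `if (p - reply->dat > reply->length || clen > sizeof(cip->dat) || reply->length - (p - reply->dat) < clen) return INTK_PROT;`, assuming cip->dat is a fixed-size array. kdc_reply_cipher starts and ends outside this hunk, so the earlier parsing and the types of clen and reply->length need confirming there.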