From bc13d2aefa316c7253dc3e544c2cc861b8a46ca0 Mon Sep 17 00:00:00 2001
From: joda
Date: Mon, 21 Oct 2002 19:39:51 +0000
Subject: [PATCH] don't blindly trust rlen; from Heimdal 0.5.1
---
 crypto/dist/heimdal/kadmin/version4.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/crypto/dist/heimdal/kadmin/version4.c b/crypto/dist/heimdal/kadmin/version4.c
index d2a9b4a9dc91..471cd1d70e27 100644
--- a/crypto/dist/heimdal/kadmin/version4.c
+++ b/crypto/dist/heimdal/kadmin/version4.c
@@ -42,7 +42,7 @@
 #include
 __RCSID("$Heimdal: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $"
- "$NetBSD: version4.c,v 1.1.1.4 2002/09/12 12:41:39 joda Exp $");
+ "$NetBSD: version4.c,v 1.2 2002/10/21 19:39:51 joda Exp $");
 #define KADM_NO_OPCODE -1
 #define KADM_NO_ENCRYPT -2
@@ -823,6 +823,13 @@ decode_packet(krb5_context context,
 off += _krb5_get_int(msg + off, &rlen, 4);
 memset(&authent, 0, sizeof(authent));
 authent.length = message.length - rlen - KADM_VERSIZE - 4;
+
+ if(authent.length >= MAX_KTXT_LEN) {
+ krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
+ make_you_loose_packet (KADM_LENGTH_ERROR, reply);
+ return;
+ }
+
 memcpy(authent.dat, (char*)msg + off, authent.length);
 off += authent.length;
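Review bot: The new bound on `authent.length` in the second hunk only catches an oversized `rlen` if the subtraction on the line above wraps to a large unsigned value. The types of `authent.length` and `rlen` are declared outside this hunk, so if the length field is signed, a negative result passes `>= MAX_KTXT_LEN` and reaches `memcpy` as a huge size. Testing the wire-supplied field itself makes the guard independent of those types, e.g. `if(rlen > message.length - KADM_VERSIZE - 4 || authent.length >= MAX_KTXT_LEN) {`, assuming an earlier check (not visible here) already guarantees the message holds at least `KADM_VERSIZE + 4` bytes. A short comment above the check, such as `/* rlen is read from the packet; authent.dat holds at most MAX_KTXT_LEN bytes */`, would record why it exists. decode_packet's body starts and ends outside the hunk.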