oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(decode_packet): check the length of the version string and that rlen

Browse Source 
has a reasonable value


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11524 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2002-10-23 06:20:26 +00:00
parent d0f1b9e464
commit 03917e91a0
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kadmin/version4.c
View File

@@ -812,7 +812,7 @@ decode_packet(krb5_context context,
char *client_str; char *client_str;
krb5_keytab_entry entry; krb5_keytab_entry entry;
if(message.length < KADM_VERSIZE if(message.length < KADM_VERSIZE + 4
|| strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) { || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
make_you_loose_packet (KADM_BAD_VER, reply); make_you_loose_packet (KADM_BAD_VER, reply);
return; return;
@@ -823,7 +823,8 @@ decode_packet(krb5_context context,
memset(&authent, 0, sizeof(authent)); memset(&authent, 0, sizeof(authent));
authent.length = message.length - rlen - KADM_VERSIZE - 4; authent.length = message.length - rlen - KADM_VERSIZE - 4;
if(authent.length >= MAX_KTXT_LEN) { if(rlen > message.length - KADM_VERSIZE - 4
|| authent.length > MAX_KTXT_LEN) {
krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen); krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
make_you_loose_packet (KADM_LENGTH_ERROR, reply); make_you_loose_packet (KADM_LENGTH_ERROR, reply);
return; return;