From 0da0d41d6afb7dbe6a683fa6554b54bb1fcb89c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 6 Oct 2003 20:39:28 +0000
Subject: [PATCH] (do_getticket): if times data is shorter then 8 byte, request
 is mailformed.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12971 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kaserver.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kdc/kaserver.c b/kdc/kaserver.c
index 66691932d..fde417506 100644
--- a/kdc/kaserver.c
+++ b/kdc/kaserver.c
@@ -604,6 +604,11 @@ do_getticket (struct rx_header *hdr,
 
     unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
 			    &name, &instance, &times, &max_seq_len);
+    if (times.length < 8) {
+	make_error_reply (hdr, KABADREQUEST, reply);
+	goto out;
+	
+    }
 
     snprintf (server_name, sizeof(server_name),
 	      "%s.%s@%s", name, instance, v4_realm);