oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(do_read): the encoded length can be longer than the buffer being

Browse Source 
used, allocate memory for it dynamically.  From Brian A May
<bmay@dgs.monash.edu.au>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7230 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1999-10-26 04:14:36 +00:00
parent 227204d0a7
commit 1c689e0b5d
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
appl/rsh/common.c
View File

@@ -56,20 +56,25 @@ do_read (int fd,
u_int32_t len, outer_len; u_int32_t len, outer_len;
int status; int status;
krb5_data data; krb5_data data;
void *edata;
ret = krb5_net_read (context, &fd, &len, 4); ret = krb5_net_read (context, &fd, &len, 4);
if (ret <= 0) if (ret <= 0)
return ret; return ret;
len = ntohl(len); len = ntohl(len);
outer_len = krb5_get_wrapped_length (context, crypto, len); if (len > sz)
if (outer_len > sz)
abort (); abort ();
ret = krb5_net_read (context, &fd, buf, outer_len); outer_len = krb5_get_wrapped_length (context, crypto, len);
edata = malloc (outer_len);
if (edata == NULL)
errx (1, "malloc: cannot allocate %u bytes", outer_len);
ret = krb5_net_read (context, &fd, edata, outer_len);
if (ret <= 0) if (ret <= 0)
return ret; return ret;
status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
buf, outer_len, &data); edata, outer_len, &data);
free (edata);
if (status) if (status)
errx (1, "%s", krb5_get_err_text (context, status)); errx (1, "%s", krb5_get_err_text (context, status));