oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Verify the combined lengths of the KRB_AP_REP and KRB_PRIV in the set

Browse Source 
password response.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11337 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Jacques A. Vidrine
2002-09-03 16:14:34 +00:00
parent 084816d5ec
commit 430a7ebc58
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/krb5/changepw.c
View File

@@ -144,7 +144,7 @@ process_reply (krb5_context context,
u_char reply[BUFSIZ]; u_char reply[BUFSIZ];
size_t len; size_t len;
u_int16_t pkt_len, pkt_ver; u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data; krb5_data ap_rep_data, priv_data;
int save_errno; int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
@@ -173,10 +173,13 @@ process_reply (krb5_context context,
ap_rep_data.data = reply + 6; ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]); ap_rep_data.length = (reply[4] << 8) | (reply[5]);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
if ((u_char *)priv_data.data + priv_data.length >= reply + len)
return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) { if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep; krb5_ap_rep_enc_part *ap_rep;
krb5_data priv_data;
u_char *p; u_char *p;
ret = krb5_rd_rep (context, ret = krb5_rd_rep (context,
@@ -188,9 +191,6 @@ process_reply (krb5_context context,
krb5_free_ap_rep_enc_part (context, ap_rep); krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_priv (context, ret = krb5_rd_priv (context,
auth_context, auth_context,
&priv_data, &priv_data,