bound data returned to size of buffer

Love Hornquist Astrand
2012-11-27 21:48:50 -08:00
parent 764e701e2d
commit 50055fe3c4


@@ -302,6 +302,10 @@ process_reply (krb5_context context,
_krb5_get_int(reply, &size, 4);
if (size + 4 < len)
continue;
if (sizeof(reply) - 4 < size) {
krb5_set_error_message(context, ERANGE, "size from server too large %s", host);
return ERANGE;
}
memmove(reply, reply + 4, size);
len = size;
break;
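Review bot: The added range check bounds `size` by the capacity of `reply` but not by the number of bytes actually received, so the `memmove` can still copy bytes the server never sent. The new check is reached only when `size + 4 < len` is false, i.e. `len <= size + 4`, which includes a partially received message if `len` is the running receive count, as it appears to be; `memmove(reply, reply + 4, size)` followed by `len = size` would then pass stale or uninitialised buffer contents on as reply data. Consider waiting for the whole frame with `if (len < size + 4) continue;` and placing the `sizeof(reply) - 4 < size` test ahead of that comparison, so that a wrapped `size + 4` (possible where `size` is 32 bits wide) cannot skip it. The enclosing loop and the declarations of `reply`, `size` and `len` are outside the hunk, so this needs confirming against the full function.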