From 50055fe3c4d3865b93bce2a965a2b881299b870b Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Tue, 27 Nov 2012 21:48:50 -0800
Subject: [PATCH] bound data returned to size of buffer
---
 lib/krb5/changepw.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c
index 1e7cd0d46..10479dcd5 100644
--- a/lib/krb5/changepw.c
+++ b/lib/krb5/changepw.c
@@ -302,6 +302,10 @@ process_reply (krb5_context context,
 _krb5_get_int(reply, &size, 4);
 if (size + 4 < len)
 continue;
+ if (sizeof(reply) - 4 < size) {
+ krb5_set_error_message(context, ERANGE, "size from server too large %s", host);
+ return ERANGE;
+ }
 memmove(reply, reply + 4, size);
 len = size;
 break;
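Review bot: The added capacity check bounds `size` by the buffer but not by the bytes actually held in `reply`. The context test just above it, `if (size + 4 < len) continue;`, falls through whenever `size + 4 >= len`, so the `memmove` and `len = size` that follow can hand up to `sizeof(reply) - 4` bytes to the parser even when fewer have arrived, and stale buffer contents would be read as the server's response (assuming `len` counts bytes received so far; the loop and the declarations are outside the hunk). Consider running the new check first and then waiting for the full record with `if (len - 4 < size) continue;`, provided `len >= 4` is already guaranteed at this point. That form also avoids a wrap in `size + 4` if `size` is a 32-bit unsigned type. `sizeof(reply)` is a valid bound only if `reply` is an array in this scope, which the hunk does not show.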