(gssapi_krb5_verify_header): sanity-check length

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8873 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/decapsulate.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -44,18 +44,20 @@ gssapi_krb5_verify_header(u_char **str,
     int e;
     u_char *p = *str;
 
+    if (total_len < 1)
+	return GSS_S_DEFECTIVE_TOKEN;
     if (*p++ != 0x60)
 	return GSS_S_DEFECTIVE_TOKEN;
     e = der_get_length (p, total_len - 1, &len, &len_len);
     if (e || 1 + len_len + len != total_len)
-	abort ();
+	return GSS_S_DEFECTIVE_TOKEN;
     p += len_len;
     if (*p++ != 0x06)
 	return GSS_S_DEFECTIVE_TOKEN;
     e = der_get_length (p, total_len - 1 - len_len - 1,
 			&mech_len, &foo);
     if (e)
-	abort ();
+	return GSS_S_DEFECTIVE_TOKEN;
     p += foo;
     if (mech_len != GSS_KRB5_MECHANISM->length)
 	return GSS_S_BAD_MECH;

lib/gssapi/krb5/decapsulate.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -44,18 +44,20 @@ gssapi_krb5_verify_header(u_char **str,
     int e;
     u_char *p = *str;
 
+    if (total_len < 1)
+	return GSS_S_DEFECTIVE_TOKEN;
     if (*p++ != 0x60)
 	return GSS_S_DEFECTIVE_TOKEN;
     e = der_get_length (p, total_len - 1, &len, &len_len);
     if (e || 1 + len_len + len != total_len)
-	abort ();
+	return GSS_S_DEFECTIVE_TOKEN;
     p += len_len;
     if (*p++ != 0x06)
 	return GSS_S_DEFECTIVE_TOKEN;
     e = der_get_length (p, total_len - 1 - len_len - 1,
 			&mech_len, &foo);
     if (e)
-	abort ();
+	return GSS_S_DEFECTIVE_TOKEN;
     p += foo;
     if (mech_len != GSS_KRB5_MECHANISM->length)
 	return GSS_S_BAD_MECH;