(gssapi_krb5_verify_header): sanity-check length

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8873 ec53bebd-3082-4978-b11e-865c3cabbd6b
Assar Westerlund
2000-07-29 05:48:13 +00:00
parent d6ac67fda3
commit 66dc0b483c
2 changed files with 10 additions and 6 deletions


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -44,18 +44,20 @@ gssapi_krb5_verify_header(u_char **str,
int e; int e;
u_char *p = *str; u_char *p = *str;
if (total_len < 1)
return GSS_S_DEFECTIVE_TOKEN;
if (*p++ != 0x60) if (*p++ != 0x60)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1, &len, &len_len); e = der_get_length (p, total_len - 1, &len, &len_len);
if (e || 1 + len_len + len != total_len) if (e || 1 + len_len + len != total_len)
abort (); return GSS_S_DEFECTIVE_TOKEN;
p += len_len; p += len_len;
if (*p++ != 0x06) if (*p++ != 0x06)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1 - len_len - 1, e = der_get_length (p, total_len - 1 - len_len - 1,
&mech_len, &foo); &mech_len, &foo);
if (e) if (e)
abort (); return GSS_S_DEFECTIVE_TOKEN;
p += foo; p += foo;
if (mech_len != GSS_KRB5_MECHANISM->length) if (mech_len != GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;
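Review bot: The tag read `if (*p++ != 0x06)` that follows `p += len_len` is still unbounded, because the new `total_len < 1` guard covers only the first byte and the consistency test `1 + len_len + len != total_len` accepts a token whose outer length is zero, which leaves `p` at the end of the buffer. In that case the second `der_get_length` call is also handed `total_len - 1 - len_len - 1`, which would wrap if `total_len` is unsigned (its declaration is outside the hunk). Rejecting an empty body in the same test covers both: `if (e || len < 1 || 1 + len_len + len != total_len)`. The second file section on this page carries the identical hunk and needs the same change. The function continues past the hunk, so whether `mech_len` is checked against the remaining bytes before the OID is compared cannot be seen here.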


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -44,18 +44,20 @@ gssapi_krb5_verify_header(u_char **str,
int e; int e;
u_char *p = *str; u_char *p = *str;
if (total_len < 1)
return GSS_S_DEFECTIVE_TOKEN;
if (*p++ != 0x60) if (*p++ != 0x60)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1, &len, &len_len); e = der_get_length (p, total_len - 1, &len, &len_len);
if (e || 1 + len_len + len != total_len) if (e || 1 + len_len + len != total_len)
abort (); return GSS_S_DEFECTIVE_TOKEN;
p += len_len; p += len_len;
if (*p++ != 0x06) if (*p++ != 0x06)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1 - len_len - 1, e = der_get_length (p, total_len - 1 - len_len - 1,
&mech_len, &foo); &mech_len, &foo);
if (e) if (e)
abort (); return GSS_S_DEFECTIVE_TOKEN;
p += foo; p += foo;
if (mech_len != GSS_KRB5_MECHANISM->length) if (mech_len != GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;