From 77c4778b713c0289504235ae0611aae38ee6c6f2 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sun, 29 Sep 2002 11:48:34 +0000 Subject: [PATCH] (process_reply): fix reply length check calculation (reported by various people) git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11473 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/changepw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c index da2b2930f..a50f56d2e 100644 --- a/lib/krb5/changepw.c +++ b/lib/krb5/changepw.c @@ -175,7 +175,7 @@ process_reply (krb5_context context, ap_rep_data.length = (reply[4] << 8) | (reply[5]); priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; priv_data.length = len - ap_rep_data.length - 6; - if ((u_char *)priv_data.data + priv_data.length >= reply + len) + if ((u_char *)priv_data.data + priv_data.length > reply + len) return KRB5_KPASSWD_MALFORMED; if (ap_rep_data.length) {