(process_reply): fix reply length check calculation (reported by

various people) git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11473 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-09-29 11:48:34 +00:00
parent 2cf4b93b21
commit 77c4778b71
1 changed files with 1 additions and 1 deletions
--- a/lib/krb5/changepw.c
+++ b/lib/krb5/changepw.c
@@ -175,7 +175,7 @@ process_reply (krb5_context context,
    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
    priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
    priv_data.length = len - ap_rep_data.length - 6;
-    if ((u_char *)priv_data.data + priv_data.length >= reply + len)
+    if ((u_char *)priv_data.data + priv_data.length > reply + len)
 	return KRB5_KPASSWD_MALFORMED;
    if (ap_rep_data.length) {