From 7fbe96b164246aa276757654a2bb8dd152852fb0 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Mon, 28 Sep 2009 20:35:13 -0700
Subject: [PATCH] Paranoid in checking that we parsed the complete buffer
---
 kdc/pkinit.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 0d00ef217..e839f30b5 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -1644,6 +1644,12 @@ match_ms_upn_san(krb5_context context,
 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
 goto out;
 }
+ if (size != list.val[0].length) {
+ free_MS_UPN_SAN(&upn);
+ kdc_log(context, config, 0, "Trailing data in ");
+ ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+ goto out;
+ }
 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
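Review bot: The log string in the added branch, `"Trailing data in "`, stops before naming what was being parsed, so an operator reading the KDC log cannot tell which certificate field caused the rejection; `kdc_log(context, config, 0, "Trailing data in MS-UPN-SAN");` would match the wording of the decode-failure message just above it. This branch refuses a client certificate whose SAN value carries bytes beyond what the decoder consumed, and a complete message is what makes that refusal traceable during triage. The branch also calls `free_MS_UPN_SAN(&upn)` before `goto out`; match_ms_upn_san continues outside the hunk, so it is worth confirming that the cleanup under `out` does not release `upn` a second time.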