From d07d93ce3546bc64ea203ab9971c48ccf667a7fa Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Wed, 18 Mar 2015 22:25:36 -0500
Subject: [PATCH] Bounds check in aname2lname

---
 lib/krb5/aname_to_localname.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/aname_to_localname.c b/lib/krb5/aname_to_localname.c
index 5123eb3f1..9dd44afdf 100644
--- a/lib/krb5/aname_to_localname.c
+++ b/lib/krb5/aname_to_localname.c
@@ -437,8 +437,13 @@ an2ln_def_plug_an2ln(void *plug_ctx, krb5_context context,
 	    ret = KRB5_NO_LOCALNAME;
 	    goto cleanup;
 	}
-	ret = set_res_f(set_res_ctx, heim_data_get_ptr(v));
+        value = strndup(heim_data_get_ptr(v), heim_data_get_length(v));
 	heim_release(v);
+        if (value == NULL) {
+            ret = krb5_enomem(context);
+            goto cleanup;
+        }
+	ret = set_res_f(set_res_ctx, value);
     }
 
 cleanup: