check size of rlen

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11485 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-10-21 12:35:07 +00:00
parent 90ae3b7af8
commit d38d9a490c
1 changed files with 7 additions and 0 deletions
--- a/kadmin/version4.c
+++ b/kadmin/version4.c
@@ -822,6 +822,13 @@ decode_packet(krb5_context context,
    off += _krb5_get_int(msg + off, &rlen, 4);
    memset(&authent, 0, sizeof(authent));
    authent.length = message.length - rlen - KADM_VERSIZE - 4;
+
+    if(authent.length >= MAX_KTXT_LEN) {
+	krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
+	make_you_loose_packet (KADM_LENGTH_ERROR, reply);
+	return;
+    }
+
    memcpy(authent.dat, (char*)msg + off, authent.length);
    off += authent.length;