From d38d9a490c51df4938e7a705ff20ec11d5020463 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Mon, 21 Oct 2002 12:35:07 +0000 Subject: [PATCH] check size of rlen git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11485 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kadmin/version4.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kadmin/version4.c b/kadmin/version4.c index 3bee407ea..a593e9d52 100644 --- a/kadmin/version4.c +++ b/kadmin/version4.c @@ -822,6 +822,13 @@ decode_packet(krb5_context context, off += _krb5_get_int(msg + off, &rlen, 4); memset(&authent, 0, sizeof(authent)); authent.length = message.length - rlen - KADM_VERSIZE - 4; + + if(authent.length >= MAX_KTXT_LEN) { + krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen); + make_you_loose_packet (KADM_LENGTH_ERROR, reply); + return; + } + memcpy(authent.dat, (char*)msg + off, authent.length); off += authent.length;