(spnego_reply): make sure the length of the choice element doesn't
overrun us git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13444 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -669,11 +669,14 @@ spnego_reply
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = der_match_tag_and_length((const char *)indata.data,
|
||||
indata.length - taglen,
|
||||
indata.length,
|
||||
CONTEXT, CONS, 1, &len, &taglen);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if(len > indata.length - taglen)
|
||||
return ASN1_OVERRUN;
|
||||
|
||||
ret = decode_NegTokenTarg((const char *)indata.data + taglen,
|
||||
len, &targ, NULL);
|
||||
if (ret) {
|
||||
|
@@ -669,11 +669,14 @@ spnego_reply
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = der_match_tag_and_length((const char *)indata.data,
|
||||
indata.length - taglen,
|
||||
indata.length,
|
||||
CONTEXT, CONS, 1, &len, &taglen);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if(len > indata.length - taglen)
|
||||
return ASN1_OVERRUN;
|
||||
|
||||
ret = decode_NegTokenTarg((const char *)indata.data + taglen,
|
||||
len, &targ, NULL);
|
||||
if (ret) {
|
||||
|
Reference in New Issue
Block a user