From f97f15a86c658fbd92f5435e9f1e4c35690eb5ca Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Tue, 27 Nov 2012 22:01:37 -0800
Subject: [PATCH] bound len

---
 appl/test/nt_gss_common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/appl/test/nt_gss_common.c b/appl/test/nt_gss_common.c
index f26a10223..617c18a37 100644
--- a/appl/test/nt_gss_common.c
+++ b/appl/test/nt_gss_common.c
@@ -86,6 +86,8 @@ nt_read_token (int sock, gss_buffer_t buf)
 	| (net_len[2] << 16)
 	| (net_len[3] << 24);
 
+    if (len > INT_MAX/16)
+	errx(1, "len too large");
     buf->length = len;
     buf->value  = malloc(len);
     if (read (sock, buf->value, len) != len)