[src/netbsd-1-5]: src/crypto/dist/krb4/lib/krb Pullup 1.2 [assar]:

[tv <tv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/f69bb6e1fbd0
branches:  netbsd-1-5
changeset: 490296:f69bb6e1fbd0
user:      tv <tv%NetBSD.org@localhost>
date:      Tue Dec 12 21:56:37 2000 +0000

description:
Pullup 1.2 [assar]:
(kdc_reply_cipher): fix buffer over-run

diffstat:

 crypto/dist/krb4/lib/krb/kdc_reply.c |  5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diffs (22 lines):

diff -r 751f1fdd7617 -r f69bb6e1fbd0 crypto/dist/krb4/lib/krb/kdc_reply.c
--- a/crypto/dist/krb4/lib/krb/kdc_reply.c      Tue Dec 12 21:56:15 2000 +0000
+++ b/crypto/dist/krb4/lib/krb/kdc_reply.c      Tue Dec 12 21:56:37 2000 +0000
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: kdc_reply.c,v 1.1.1.1 2000/06/16 18:45:53 thorpej Exp $");
+RCSID("$Id: kdc_reply.c,v 1.1.1.1.2.1 2000/12/12 21:56:37 tv Exp $");
 
 static int little_endian; /* XXX ugly */
 
@@ -121,6 +121,9 @@
     p += krb_get_int(p, &exp_date, 4, little_endian);
     p++; /* master key version number */
     p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+       return INTK_PROT;
+
     cip->length = clen;
     memcpy(cip->dat, p, clen);
     p += clen;