Source-Changes-HG archive


[src/trunk]: src/crypto/dist/krb4/lib/krb (kdc_reply_cipher): fix buffer over...



details:   https://anonhg.NetBSD.org/src/rev/044ad4c9bef6
branches:  trunk
changeset: 500254:044ad4c9bef6
user:      assar <assar%NetBSD.org@localhost>
date:      Sat Dec 09 00:53:21 2000 +0000

description:
(kdc_reply_cipher): fix buffer over-run

diffstat:

 crypto/dist/krb4/lib/krb/kdc_reply.c |  5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diffs (22 lines):

diff -r 737bb3052278 -r 044ad4c9bef6 crypto/dist/krb4/lib/krb/kdc_reply.c
--- a/crypto/dist/krb4/lib/krb/kdc_reply.c      Sat Dec 09 00:51:46 2000 +0000
+++ b/crypto/dist/krb4/lib/krb/kdc_reply.c      Sat Dec 09 00:53:21 2000 +0000
@@ -33,7 +33,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: kdc_reply.c,v 1.1.1.1 2000/06/16 18:45:53 thorpej Exp $");
+RCSID("$Id: kdc_reply.c,v 1.2 2000/12/09 00:53:21 assar Exp $");
 
 static int little_endian; /* XXX ugly */
 
@@ -121,6 +121,9 @@
     p += krb_get_int(p, &exp_date, 4, little_endian);
     p++; /* master key version number */
     p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+       return INTK_PROT;
+
     cip->length = clen;
     memcpy(cip->dat, p, clen);
     p += clen;
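
Review bot: The new length check above `cip->length = clen;` compares clen only with the bytes remaining in reply->dat, so the destination of the following `memcpy(cip->dat, p, clen);` is still unchecked in this hunk. If cip->dat can be smaller than the remainder of the reply, also reject a clen larger than the capacity of cip->dat before the copy. The subtraction `reply->length - (p - reply->dat)` also assumes p has not already moved past the end of the reply: the preceding krb_get_int reads and the `p++` advance p with no length check visible here, so please confirm that the earlier fields are bounded and that the types of reply->length and clen make the comparison behave as intended for a truncated reply. A one-line comment saying that INTK_PROT is returned when the ciphertext length exceeds what the reply holds would help the next reader.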


