fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()

ticket: 5855 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2007-12-14 05:01:23 +0000
committer: Tom Yu <tlyu@mit.edu> 2007-12-14 05:01:23 +0000
commit: 01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea (patch)
tree: 8fe3d75ee532778d5ff606c1fe4f3cc29d30090a /src/lib/rpc
parent: 37b576d8561956162dcba324dd94f112c6a5b222 (diff)
download: krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.zip
krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.tar.gz
krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 1b2fa1e..8b82291 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -645,7 +645,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 
 	gd = SVCAUTH_PRIVATE(auth);
 
-	if (gd->cname.length == 0)
+	if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
 		return (NULL);
 
 	if ((pname = malloc(gd->cname.length + 1)) == NULL)
author	Tom Yu <tlyu@mit.edu>	2007-12-14 05:01:23 +0000
committer	Tom Yu <tlyu@mit.edu>	2007-12-14 05:01:23 +0000
commit	01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea (patch)
tree	8fe3d75ee532778d5ff606c1fe4f3cc29d30090a /src/lib/rpc
parent	37b576d8561956162dcba324dd94f112c6a5b222 (diff)
download	krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.zip krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.tar.gz krb5-01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea.tar.bz2