Diffstat (limited to 'src/lib/gssapi/krb5/k5sealv3.c')
-rw-r--r-- | src/lib/gssapi/krb5/k5sealv3.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index e881eee..d3210c1 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -400,10 +400,15 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 /* Don't use bodysize here! Use the fact that
 cipher.ciphertext.length has been adjusted to the
 correct length. */
+ if (plain.length < 16 + ec) {
+ free(plain.data);
+ goto defective;
+ }
 althdr = (unsigned char *)plain.data + plain.length - 16;
 if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
 || althdr[2] != ptr[2]
 || althdr[3] != ptr[3]
+ || load_16_be(althdr+4) != ec
 || memcmp(althdr+8, ptr+8, 8)) {
 free(plain.data);
 goto defective; |
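Review bot: The added guard `if (plain.length < 16 + ec)` carries no comment, and what it protects is not evident from the line itself: without it, `plain.length - 16` in the `althdr` computation just below wraps when the decrypted plaintext is shorter than the trailing header copy. I would put above it `/* Plaintext must hold ec filler bytes plus the 16-byte header copy, or plain.length - 16 wraps. */`. With the new `load_16_be(althdr+4) != ec` term, bytes 6-7 of the header copy are the only ones still not compared; if that is deliberate (they look like the RRC field, which presumably may differ between the two copies), a short comment on the condition would keep a later reader from treating it as an oversight. The function starts and ends outside the hunk, so where `ec` is loaded and what type it has cannot be confirmed from here.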