author | Markus Friedl <markus@cvs.openbsd.org> | 2002-03-14 15:24:28 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-03-14 15:24:28 +0000 |
commit | 90707d14e21ee333040b9f0148684dd907db9151 (patch) | |
tree | 7792be13c8719beecb539a3bbfbe69f46f0f3485 | |
parent | 589df74d6e3673fb8255ea0f6dbe205b69a73683 (diff) |
don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index d7722f4b9bf..393694138f6 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
 /* Get server's response. */
 reply = packet_get_string((u_int *) &auth.length);
+ if (auth.length >= MAX_KTXT_LEN)
+ fatal("Kerberos v4: Malformed response from server");
 memcpy(auth.dat, reply, auth.length);
 xfree(reply);
|
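Review bot: The added bound in try_krb4_authentication() is applied to `auth.length` only after the server-supplied value has been stored through a `(u_int *)` cast. That cast suggests the field is not declared `u_int`; if it is a signed `int` on some Kerberos v4 headers, a length above INT_MAX would read back negative, pass `auth.length >= MAX_KTXT_LEN`, and reach `memcpy()` as a very large size. Whether `packet_get_string()` already caps the length is not visible in this hunk, so the check should not depend on it. I would read into a local `u_int len;` with `reply = packet_get_string(&len);`, test `if (len >= MAX_KTXT_LEN) fatal(...)`, and only then set `auth.length = len;`, which also removes the pointer cast. A short comment such as `/* length is server-controlled; must fit auth.dat */` above the check would record why it is there. The function body starts and ends outside the hunk.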