fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()
authorTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 05:01:23 +0000 (05:01 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 05:01:23 +0000 (05:01 +0000)
ticket: 5855
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/rpc/svc_auth_gss.c

index 1b2fa1e1497e38cdcf425c186bf836d48a2524d0..8b82291a000c59db9e3bb49eb2d107b745acf38c 100644 (file)
@@ -645,7 +645,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 
        gd = SVCAUTH_PRIVATE(auth);
 
-       if (gd->cname.length == 0)
+       if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
                return (NULL);
 
        if ((pname = malloc(gd->cname.length + 1)) == NULL)