r20181@cathode-dark-space: tlyu | 2007-12-14 00:01:23 -0500
ticket: 5855
target_version: 1.6.4
tags: pullup
fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()
ticket: 5855
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20185
dc483132-0cff-0310-8789-
dd5450dbe970
gd = SVCAUTH_PRIVATE(auth);
- if (gd->cname.length == 0)
+ if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
return (NULL);
if ((pname = malloc(gd->cname.length + 1)) == NULL)
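Review bot: The added bound on `gd->cname.length` carries no comment tying it to the `malloc(gd->cname.length + 1)` two lines below, which is the expression that wraps to zero when the length is at its maximum. A one-line comment above the check, such as `/* reject lengths for which length + 1 would wrap in the malloc below */`, would stop the guard from being read as redundant and removed later. If `length` is a `size_t` (its declaration is not visible here), `>= SIZE_MAX` can only be true at equality, so the comment should state that the check targets the wrap and is not a general size limit. `SIZE_MAX` is not defined in the visible lines, so confirm that this file includes a header providing it on every supported platform. The function body starts and ends outside the hunk, so the later copy into `pname` cannot be reviewed from here.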