* recvauth.c (krb_recvauth): Initialize cp and tmp_buf. Check length of data
authorKen Raeburn <raeburn@mit.edu>
Wed, 14 Jul 2004 21:06:22 +0000 (21:06 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 14 Jul 2004 21:06:22 +0000 (21:06 +0000)
read before evaluating the value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16595 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb4/ChangeLog
src/lib/krb4/recvauth.c

index 20c548c39c61f25effaa0010fcdd67c51df52fca..7b865d367bf75f1fea9a189d1d665e58f37529da 100644 (file)
@@ -1,3 +1,8 @@
+2004-07-14  Ken Raeburn  <raeburn@mit.edu>
+
+       * recvauth.c (krb_recvauth): Initialize cp and tmp_buf.  Check
+       length of data read before evaluating the value.
+
 2004-06-22  Ken Raeburn  <raeburn@mit.edu>
 
        * g_pw_in_tkt.c (passwd_to_key): Don't test macintosh.
index 3d58a33c65fc7ec10fb8dfe410af94e75809c01b..bd2aca56a0fc3c94f7fc0530ae5e5c1c3b34bb5f 100644 (file)
@@ -150,11 +150,11 @@ krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
 
     int i, cc, old_vers = 0;
     char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
-    char *cp;
+    char *cp = NULL;
     int rem;
     KRB4_32 tkt_len, priv_len;
     unsigned KRB4_32 cksum;
-    u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
+    u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 };
 
     /* read the protocol version number */
     if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
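Review bot: The literal `21` in the `tmp_buf` size on the changed declaration and the literal `20` in the `if (i==20)` check added in the second hunk of this file appear to describe the same limit, but nothing ties them together. Changing one without the other would silently break either the buffer bound or the check, so a single named constant used in both places would make the coupling explicit. The new `= { 0 }` initializer also deserves a short comment, for example `/* zero-filled: bytes read from the peer are later parsed as a C string */`, so that it is not removed later as redundant. Whether the read loop also terminates the string itself is not visible here, because the body of krb_recvauth starts before and continues after this hunk.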
@@ -196,11 +196,14 @@ krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata,
                }
            }
 
+       if (i==20)
+           return(KFAILURE);
+
        tkt_len = (KRB4_32) atoi((char *) tmp_buf);
 
        /* sanity check the length */
        /* These conditions make sure that cp got initialized */
-       if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
+       if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
            return(KFAILURE);
 
        if (i < KRB_SENDAUTH_VLEN) {
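Review bot: `atoi((char *) tmp_buf)` on the line after the new `i==20` check still parses a length field that comes from the network peer, and `atoi` reports no error and has undefined behavior when the digits do not fit in an `int`. The loop that fills `tmp_buf` is outside the hunk, but the `i==20` bound suggests up to 19 digits can reach this call, so the `tkt_len<=0` / `tkt_len>MAX_KTXT_LEN` test cannot be relied on to catch an out-of-range value. Parsing with `strtol` and returning `KFAILURE` when `errno == ERANGE` or the end pointer did not advance, before the existing range check, would close that gap. The comment `/* These conditions make sure that cp got initialized */` is also stale now that `i==20` has moved out of the condition below it and `cp` starts as `NULL`; it should move up to the new early return or be reworded. krb_recvauth continues past the end of this hunk.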