+2004-07-14 Ken Raeburn <raeburn@mit.edu>
+
+ * recvauth.c (krb_recvauth): Initialize cp and tmp_buf. Check
+ length of data read before evaluating the value.
+
2004-06-22 Ken Raeburn <raeburn@mit.edu>
* g_pw_in_tkt.c (passwd_to_key): Don't test macintosh.
int i, cc, old_vers = 0;
char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- char *cp;
+ char *cp = NULL;
int rem;
KRB4_32 tkt_len, priv_len;
unsigned KRB4_32 cksum;
- u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
+ u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 };
/* read the protocol version number */
if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) !=
}
}
+ if (i==20)
+ return(KFAILURE);
+
tkt_len = (KRB4_32) atoi((char *) tmp_buf);
/* sanity check the length */
/* These conditions make sure that cp got initialized */
- if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
+ if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN))
return(KFAILURE);
if (i < KRB_SENDAUTH_VLEN) {