* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for

sufficient buffer space.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog
index 50f08cac8392df3c53c82d5684ea08313c96e965..fd5eb9732ef1848d266d8daa31d71dc4d0f87119 100644 (file)
--- a/src/lib/gssapi/generic/ChangeLog
+++ b/src/lib/gssapi/generic/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-08  Ken Raeburn  <raeburn@mit.edu>
+
+       * util_ordering.c (g_queue_externalize, g_queue_internalize):
+       Check for sufficient buffer space.
+
 2003-12-19  Ken Raeburn  <raeburn@mit.edu>
 
        * gssapi_generic.c (const_oids): Renamed from oids, and now const.

diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index fe2eaafc2e43c872429bc105dae3d8c2bc347816..f7cf666789ef234669dad6de089fa810b4c914f4 100644 (file)
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -219,6 +219,8 @@ g_queue_size(void *vqueue, size_t *sizep)
 gss_uint32
 g_queue_externalize(void *vqueue, unsigned char **buf, size_t *lenremain)
 {
+    if (*lenremain < sizeof(queue))
+       return ENOMEM;
     memcpy(*buf, vqueue, sizeof(queue));
     *buf += sizeof(queue);
     *lenremain -= sizeof(queue);
@@ -231,6 +233,8 @@ g_queue_internalize(void **vqueue, unsigned char **buf, size_t *lenremain)
 {
     void *q;
 
+    if (*lenremain < sizeof(queue))
+       return EINVAL;
     if ((q = malloc(sizeof(queue))) == 0)
        return ENOMEM;
     memcpy(q, *buf, sizeof(queue));