From: Tom Yu <tlyu@mit.edu>
Date: Fri, 14 Dec 2007 05:01:23 +0000 (+0000)
Subject: fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()
X-Git-Tag: krb5-1.7-alpha1~764
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea;p=krb5.git

fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()

ticket: 5855
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 1b2fa1e14..8b82291a0 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -645,7 +645,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 
 	gd = SVCAUTH_PRIVATE(auth);
 
-	if (gd->cname.length == 0)
+	if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
 		return (NULL);
 
 	if ((pname = malloc(gd->cname.length + 1)) == NULL)