From: Ken Raeburn <raeburn@mit.edu>
Date: Mon, 9 Feb 2004 22:10:40 +0000 (+0000)
Subject: * util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
X-Git-Tag: krb5-1.4-beta1~634
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e4c192c4d6f5e8c4b7a6bb5cf974944310fc0c82;p=krb5.git

* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
sufficient buffer space.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog
index 50f08cac8..fd5eb9732 100644
--- a/src/lib/gssapi/generic/ChangeLog
+++ b/src/lib/gssapi/generic/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-08  Ken Raeburn  <raeburn@mit.edu>
+
+	* util_ordering.c (g_queue_externalize, g_queue_internalize):
+	Check for sufficient buffer space.
+
 2003-12-19  Ken Raeburn  <raeburn@mit.edu>
 
 	* gssapi_generic.c (const_oids): Renamed from oids, and now const.
diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index fe2eaafc2..f7cf66678 100644
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -219,6 +219,8 @@ g_queue_size(void *vqueue, size_t *sizep)
 gss_uint32
 g_queue_externalize(void *vqueue, unsigned char **buf, size_t *lenremain)
 {
+    if (*lenremain < sizeof(queue))
+	return ENOMEM;
     memcpy(*buf, vqueue, sizeof(queue));
     *buf += sizeof(queue);
     *lenremain -= sizeof(queue);
@@ -231,6 +233,8 @@ g_queue_internalize(void **vqueue, unsigned char **buf, size_t *lenremain)
 {
     void *q;
 
+    if (*lenremain < sizeof(queue))
+	return EINVAL;
     if ((q = malloc(sizeof(queue))) == 0)
 	return ENOMEM;
     memcpy(q, *buf, sizeof(queue));