From 01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 14 Dec 2007 05:01:23 +0000 Subject: [PATCH] fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal() ticket: 5855 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/rpc/svc_auth_gss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c index 1b2fa1e14..8b82291a0 100644 --- a/src/lib/rpc/svc_auth_gss.c +++ b/src/lib/rpc/svc_auth_gss.c @@ -645,7 +645,7 @@ svcauth_gss_get_principal(SVCAUTH *auth) gd = SVCAUTH_PRIVATE(auth); - if (gd->cname.length == 0) + if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX) return (NULL); if ((pname = malloc(gd->cname.length + 1)) == NULL) -- 2.26.2