From 1cd3650718ad8b3527d7f53661bde80340c188fb Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Sat, 15 Dec 2007 01:22:44 +0000
Subject: [PATCH] pull up r20181 from trunk r20181@cathode-dark-space: tlyu | 2007-12-14 00:01:23 -0500 ticket: 5855 target_version: 1.6.4 tags: pullup fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal() ticket: 5855 version_fixed: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20185 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/rpc/svc_auth_gss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 83ab9754a..7d10fe751 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -671,7 +671,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 gd = SVCAUTH_PRIVATE(auth);
- if (gd->cname.length == 0)
+ if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
 return (NULL);
 if ((pname = malloc(gd->cname.length + 1)) == NULL)
-- 
2.26.2
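Review bot: The new guard uses `SIZE_MAX`, but the diffstat shows a single changed line, so no `#include <stdint.h>` is added. Unless this file already pulls in a header that defines it (not visible here), the build breaks on toolchains that lack it; a fallback such as `#ifndef SIZE_MAX` / `#define SIZE_MAX ((size_t)-1)` / `#endif` would make the fix self-contained. The comparison also protects `malloc(gd->cname.length + 1)` only if `cname.length` is a `size_t`: with a narrower unsigned type the `+ 1` could still wrap to 0 while the test is never true, so that assumption is worth confirming against the buffer type's declaration. A short comment on the condition, e.g. `/* length + 1 below must not wrap to 0 (CVE-2007-5902) */`, would keep the check from being simplified away later. The body of svcauth_gss_get_principal() continues outside the hunk, so the use of `pname` after the allocation is not reviewed here.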