From 895fb4ef518bece36f11f81971c544e5a9ee8126 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 15 Oct 2002 22:51:50 +0000 Subject: [PATCH] Thanks, (corrected) patch applied * hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin Dahyabhai to bounds-check return value from res_search(). * locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin Dahyabhai to bounds-check return value from res_search(). ticket: 1216 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14928 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/os/ChangeLog | 8 ++++++++ src/lib/krb5/os/hst_realm.c | 2 +- src/lib/krb5/os/locate_kdc.c | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 7e80873fe..6c994b1e3 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,3 +1,11 @@ +2002-10-15 Tom Yu + + * hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin + Dahyabhai to bounds-check return value from res_search(). + + * locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin + Dahyabhai to bounds-check return value from res_search(). + 2002-10-11 Tom Yu * read_pwd.c (krb5_read_password): Restore name of size_return. diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 5c89c310e..a72fb846c 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -145,7 +145,7 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm) } size = res_search(host, C_IN, T_TXT, answer.bytes, sizeof(answer.bytes)); - if (size < 0) + if ((size < sizeof(HEADER)) || (size > sizeof(answer.bytes))) return KRB5_ERR_HOST_REALM_UNKNOWN; p = answer.bytes; diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index ea42bbc66..451d3e982 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -570,7 +570,7 @@ krb5_locate_srv_dns_1 (const krb5_data *realm, size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes)); - if (size < hdrsize) + if ((size < hdrsize) || (size > sizeof(answer.bytes))) goto out; /* -- 2.26.2