From 9c67f66f2288d7a387bd46d4aa46d0b514cb4223 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Wed, 14 Jul 2004 21:06:22 +0000 Subject: [PATCH] * recvauth.c (krb_recvauth): Initialize cp and tmp_buf. Check length of data read before evaluating the value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16595 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb4/ChangeLog | 5 +++++ src/lib/krb4/recvauth.c | 9 ++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 20c548c39..7b865d367 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,8 @@ +2004-07-14 Ken Raeburn + + * recvauth.c (krb_recvauth): Initialize cp and tmp_buf. Check + length of data read before evaluating the value. + 2004-06-22 Ken Raeburn * g_pw_in_tkt.c (passwd_to_key): Don't test macintosh. diff --git a/src/lib/krb4/recvauth.c b/src/lib/krb4/recvauth.c index 3d58a33c6..bd2aca56a 100644 --- a/src/lib/krb4/recvauth.c +++ b/src/lib/krb4/recvauth.c @@ -150,11 +150,11 @@ krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, int i, cc, old_vers = 0; char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ - char *cp; + char *cp = NULL; int rem; KRB4_32 tkt_len, priv_len; unsigned KRB4_32 cksum; - u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 }; /* read the protocol version number */ if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != @@ -196,11 +196,14 @@ krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, } } + if (i==20) + return(KFAILURE); + tkt_len = (KRB4_32) atoi((char *) tmp_buf); /* sanity check the length */ /* These conditions make sure that cp got initialized */ - if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN)) + if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN)) return(KFAILURE); if (i < KRB_SENDAUTH_VLEN) { -- 2.26.2
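Review bot: In the second recvauth.c hunk, `tkt_len = (KRB4_32) atoi((char *) tmp_buf);` still converts peer-supplied digits with atoi(), whose behaviour is undefined when the value does not fit in an int, so the `tkt_len<=0` / `tkt_len>MAX_KTXT_LEN` check that follows cannot be relied on for over-long input. The new `if (i==20)` guard suggests up to 19 bytes can reach the conversion, though the read loop that fills tmp_buf is outside the hunk, so this is inferred. Consider `long n = strtol((char *) tmp_buf, NULL, 10);` followed by `if (n <= 0 || n > MAX_KTXT_LEN) return(KFAILURE);` and `tkt_len = (KRB4_32) n;`, which range-checks the value before it is narrowed. The retained comment `/* These conditions make sure that cp got initialized */` is also stale now that `i==20` has moved out of that condition and cp starts as NULL; it should be reworded or dropped.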