merge fix from vendor for removing buffer overrun

2026-05-28 04:12:45 -04:00 · 2000-12-10 21:00:35 +00:00 · 2000-12-10 21:00:35 +00:00 · 7a7ff9f80d
commit 7a7ff9f80d
parent fcbc584c3b
1 changed files with 3 additions and 0 deletions
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@ -121,6 +121,9 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
    p += krb_get_int(p, &exp_date, 4, little_endian);
    p++; /* master key version number */
    p += krb_get_int(p, &clen, 2, little_endian);
+    if (reply->length - (p - reply->dat) < clen)
+	return INTK_PROT;
+
    cip->length = clen;
    memcpy(cip->dat, p, clen);
    p += clen;