- markus@cvs.openbsd.org 2002/03/14 15:24:27

[sshconnect1.c] don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
author: mouring <mouring> 2002-03-22 01:08:07 +0000
committer: mouring <mouring> 2002-03-22 01:08:07 +0000
commit: 2a8ee74da6b5aeea878f915e4a9483b3bdb01cc6 (patch)
tree: a0d8d0a30f89814661675a9855c220c8afe9013e /sshconnect1.c
parent: f1a2906134f4e8ff1d5e88d7139187a62d1c5c72 (diff)
download: openssh-2a8ee74da6b5aeea878f915e4a9483b3bdb01cc6.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index d7722f4b..39369413 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
 
 		/* Get server's response. */
 		reply = packet_get_string((u_int *) &auth.length);
+		if (auth.length >= MAX_KTXT_LEN)
+			fatal("Kerberos v4: Malformed response from server");
 		memcpy(auth.dat, reply, auth.length);
 		xfree(reply);
author	mouring <mouring>	2002-03-22 01:08:07 +0000
committer	mouring <mouring>	2002-03-22 01:08:07 +0000
commit	2a8ee74da6b5aeea878f915e4a9483b3bdb01cc6 (patch)
tree	a0d8d0a30f89814661675a9855c220c8afe9013e /sshconnect1.c
parent	f1a2906134f4e8ff1d5e88d7139187a62d1c5c72 (diff)
download	openssh-2a8ee74da6b5aeea878f915e4a9483b3bdb01cc6.tar.gz