heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust

Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2015-06-18 15:43:32 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2015-06-24 01:03:16 +0200
commit: 9414d9867c51c0db3d7166b4afcf5ff5b39d64a1 (patch)
tree: 4ca7285489f683abaff681bec6d4a4bb3b0364e0 /source4/heimdal/lib
parent: 3b9e5cfd2318d96dfaf1b31526f578d7fb42ff7a (diff)
download: samba-9414d9867c51c0db3d7166b4afcf5ff5b39d64a1.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/decapsulate.c b/source4/heimdal/lib/gssapi/krb5/decapsulate.c
index 640c064d0bf..86085f56950 100644
--- a/source4/heimdal/lib/gssapi/krb5/decapsulate.c
+++ b/source4/heimdal/lib/gssapi/krb5/decapsulate.c
@@ -190,6 +190,9 @@ _gssapi_verify_pad(gss_buffer_t wrapped_token,
     size_t padlength;
     int i;
 
+    if (wrapped_token->length < 1)
+	return GSS_S_BAD_MECH;
+
     pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
     padlength = *pad;
author	Stefan Metzmacher <metze@samba.org>	2015-06-18 15:43:32 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2015-06-24 01:03:16 +0200
commit	9414d9867c51c0db3d7166b4afcf5ff5b39d64a1 (patch)
tree	4ca7285489f683abaff681bec6d4a4bb3b0364e0 /source4/heimdal/lib
parent	3b9e5cfd2318d96dfaf1b31526f578d7fb42ff7a (diff)
download	samba-9414d9867c51c0db3d7166b4afcf5ff5b39d64a1.tar.gz