- markus@cvs.openbsd.org 2011/08/01 19:18:15
[gss-serv.c]
prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
report Adam Zabrock; ok djm@, deraadt@
diff --git a/gss-serv.c b/gss-serv.c
index 2ec7ea1..c719c13 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -229,6 +229,8 @@
name->length = get_u32(tok+offset);
offset += 4;
+ if (UINT_MAX - offset < name->length)
+ return GSS_S_FAILURE;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;