ITS#4775: blind fix for buffer overflow condition in dead KrbIV code

author Kurt Zeilenga <kurt@openldap.org>

Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)
diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c

index fd145aaf2ff3a44a430d68e908cbc7a759088ec5..67d6ad9dd45fe75405e42e9153b7fe034b31c0f4 100644 (file)
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
  
         Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
  
+       if( cred->len > sizeof(ktxt->dat) ) {
+               return LDAP_OTHER;
+       }
+
         AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
         ktxt->length = cred->bv_len;
author	Kurt Zeilenga <kurt@openldap.org>
	Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Tue, 12 Dec 2006 14:18:54 +0000 (14:18 +0000)