ITS#4775: blind fix for buffer overflow condition in dead KrbIV code

diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index 225b8d142116a2a1a83b49fe0f51a3d22c4ba4ba..e4b408c35b3a44cb11c01d919228b02f8d978664 100644 (file)
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
 
        Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
 
+       if( cred->len > sizeof(ktxt->dat) ) {
+               return LDAP_OTHER;
+       }
+
        AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
        ktxt->length = cred->bv_len;