From: Kurt Zeilenga
Date: Tue, 12 Dec 2006 14:18:54 +0000 (+0000)
Subject: ITS#4775: blind fix for buffer overflow condition in dead KrbIV code
X-Git-Tag: OPENLDAP_REL_ENG_2_4_4ALPHA~8^2~388
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2761b06c588d5719976601aa0f9d63b121417702;p=thirdparty%2Fopenldap.git
ITS#4775: blind fix for buffer overflow condition in dead KrbIV code (KrbIV code likely should be removed)
---
diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index fd145aaf2f..67d6ad9dd4 100644
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
 Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
+ if( cred->len > sizeof(ktxt->dat) ) {
+ return LDAP_OTHER;
+ }
+
 AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 ktxt->length = cred->bv_len;
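Review bot: The added guard tests `cred->len`, but the copy it is meant to protect, two lines below, uses `cred->bv_len` and `cred->bv_val` on the same object. The type's definition is not in the hunk, but unless it has a separate `len` member the check will not compile once the KrbIV path is built, so the bound is never enforced. The condition should read `if( cred->bv_len > sizeof(ktxt->dat) ) {`, so that the length compared is the one passed to `AC_MEMCPY`. A short comment such as `/* reject credentials larger than the ticket buffer (ITS#4775) */` would record why the early `LDAP_OTHER` return exists. Logging the rejection through the existing `Debug` macro would make oversized credentials visible to operators. The body of krbv4_ldap_auth starts and ends outside the hunk, so the declarations of `cred` and `ktxt` could not be checked here.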