From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sat, 16 Dec 2006 01:39:41 +0000 (+0000)
Subject: ITS#4775: blind fix for buffer overflow condition in dead KrbIV code
X-Git-Tag: OPENLDAP_REL_ENG_2_3_31~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=922d856d600f35f6599061435fb86a4ed56938d0;p=thirdparty%2Fopenldap.git

ITS#4775: blind fix for buffer overflow condition in dead KrbIV code
---

diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index 225b8d1421..e4b408c35b 100644
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
 
 	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
 
+	if( cred->len > sizeof(ktxt->dat) ) {
+		return LDAP_OTHER;
+	}
+
 	AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 	ktxt->length = cred->bv_len;