summaryrefslogtreecommitdiff
path: root/sshconnect1.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-03-22 01:08:07 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-22 01:08:07 +0000
commit5c15958230492f1f42fedb72337485f908d86a98 (patch)
treeb13598e72630062e4a40a1e2b62a0ec8585842b5 /sshconnect1.c
parent83b79e48dfd954463f8f6d6cdc62b2b63fdcb653 (diff)
- markus@cvs.openbsd.org 2002/03/14 15:24:27
[sshconnect1.c] don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
Diffstat (limited to 'sshconnect1.c')
-rw-r--r--sshconnect1.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index d7722f4b..39369413 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
/* Get server's response. */
reply = packet_get_string((u_int *) &auth.length);
+ if (auth.length >= MAX_KTXT_LEN)
+ fatal("Kerberos v4: Malformed response from server");
memcpy(auth.dat, reply, auth.length);
xfree(reply);