author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:08:07 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:08:07 +0000 |
commit | 5c15958230492f1f42fedb72337485f908d86a98 (patch) | |
tree | b13598e72630062e4a40a1e2b62a0ec8585842b5 /sshconnect1.c | |
parent | 83b79e48dfd954463f8f6d6cdc62b2b63fdcb653 (diff) |
- markus@cvs.openbsd.org 2002/03/14 15:24:27
[sshconnect1.c]
don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 4 |
1 files changed, 3 insertions, 1 deletions
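--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
 
 /* Get server's response. */
 reply = packet_get_string((u_int *) &auth.length);
+if (auth.length >= MAX_KTXT_LEN)
+fatal("Kerberos v4: Malformed response from server");
 memcpy(auth.dat, reply, auth.length);
 xfree(reply);
 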
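Review bot: The new bound check in try_krb4_authentication compares `auth.length` directly, and the `(u_int *)` cast on the preceding line suggests that field is not declared `u_int`. Its declaration is outside the hunk, but if it is a signed `int`, a length from the server with the top bit set would compare as negative, pass `auth.length >= MAX_KTXT_LEN`, and still reach `memcpy` as a very large size. Reading into a local keeps the comparison unsigned and drops the pointer cast: `reply = packet_get_string(&len);` with `u_int len`, then `if (len >= MAX_KTXT_LEN)`, and `auth.length = len;` only after the check. packet_get_string may already cap the string length, but that is not visible here and the check should not depend on it. The function body starts and ends outside the hunk.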