diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:08:07 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 01:08:07 +0000 |
| commit | 5c15958230492f1f42fedb72337485f908d86a98 (patch) | |
| tree | b13598e72630062e4a40a1e2b62a0ec8585842b5 /sshconnect1.c | |
| parent | 83b79e48dfd954463f8f6d6cdc62b2b63fdcb653 (diff) | |
- markus@cvs.openbsd.org 2002/03/14 15:24:27
[sshconnect1.c]
don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
Diffstat (limited to 'sshconnect1.c')
| -rw-r--r-- | sshconnect1.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index d7722f4b9..393694138 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | #include <openssl/md5.h> | 19 | #include <openssl/md5.h> |
| @@ -459,6 +459,8 @@ try_krb4_authentication(void) | |||
| 459 | 459 | ||
| 460 | /* Get server's response. */ | 460 | /* Get server's response. */ |
| 461 | reply = packet_get_string((u_int *) &auth.length); | 461 | reply = packet_get_string((u_int *) &auth.length); |
| 462 | if (auth.length >= MAX_KTXT_LEN) | ||
| 463 | fatal("Kerberos v4: Malformed response from server"); | ||
| 462 | memcpy(auth.dat, reply, auth.length); | 464 | memcpy(auth.dat, reply, auth.length); |
| 463 | xfree(reply); | 465 | xfree(reply); |
| 464 | 466 | ||