diff options
Diffstat (limited to 'gss-serv.c')
| -rw-r--r-- | gss-serv.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/gss-serv.c b/gss-serv.c index 365e48d88..380895ea5 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
| @@ -266,6 +266,8 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 266 | name->length = get_u32(tok+offset); | 266 | name->length = get_u32(tok+offset); |
| 267 | offset += 4; | 267 | offset += 4; |
| 268 | 268 | ||
| 269 | if (UINT_MAX - offset < name->length) | ||
| 270 | return GSS_S_FAILURE; | ||
| 269 | if (ename->length < offset+name->length) | 271 | if (ename->length < offset+name->length) |
| 270 | return GSS_S_FAILURE; | 272 | return GSS_S_FAILURE; |
| 271 | 273 | ||