From adb467fb692600c569d8129dfd96371b481d2653 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 6 Aug 2011 06:16:46 +1000 Subject: - markus@cvs.openbsd.org 2011/08/01 19:18:15 [gss-serv.c] prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); report Adam Zabrock; ok djm@, deraadt@ --- gss-serv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'gss-serv.c') diff --git a/gss-serv.c b/gss-serv.c index 2ec7ea19c..c719c1306 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -229,6 +229,8 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) name->length = get_u32(tok+offset); offset += 4; + if (UINT_MAX - offset < name->length) + return GSS_S_FAILURE; if (ename->length < offset+name->length) return GSS_S_FAILURE; -- cgit v1.2.3