andersk Git - openssh.git/commitdiff
- markus@cvs.openbsd.org 2002/03/14 15:24:27
authormouring <mouring>
Fri, 22 Mar 2002 01:08:07 +0000 (01:08 +0000)
committermouring <mouring>
Fri, 22 Mar 2002 01:08:07 +0000 (01:08 +0000)
     [sshconnect1.c]
     don't trust size sent by (rogue) server; noted by s.esser@e-matters.de

ChangeLog
sshconnect1.c

index 0f7aac43029f5ef4d2bd8d18941e3b4bca7b7efd..6fa5267200c4ac8feb52a7cb9895542ccf418368 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,9 @@
    - itojun@cvs.openbsd.org 2002/03/11 03:19:53
      [sftp-client.c]
      indent
+   - markus@cvs.openbsd.org 2002/03/14 15:24:27
+     [sshconnect1.c]
+     don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
 
 20020317
  - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
index d7722f4b9bf400becf267d73b07121e3b21732f9..393694138f60b372f49f8c3217ad2266a84e8bc3 100644 (file)
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
 
                /* Get server's response. */
                reply = packet_get_string((u_int *) &auth.length);
+               if (auth.length >= MAX_KTXT_LEN)
+                       fatal("Kerberos v4: Malformed response from server");
                memcpy(auth.dat, reply, auth.length);
                xfree(reply);
 
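Review bot: The new bound on `auth.length` is a signed comparison if that field is a plain `int`, which the `(u_int *)` cast on the preceding line suggests; a server-supplied length with the top bit set would then be negative, pass `auth.length >= MAX_KTXT_LEN`, and reach `memcpy` converted to a very large size. Whether `packet_get_string` already caps the length is not visible in this hunk, so the guard should not rely on it: `if (auth.length < 0 || auth.length >= MAX_KTXT_LEN)`, or read the length into a local `u_int`, compare that, and only then store it in `auth.length`. A short comment above the check, e.g. `/* length is server-controlled; must fit in auth.dat */`, would record why it exists. try_krb4_authentication starts and ends outside this hunk, so any other copies sized by `auth.length` in the function could not be checked here.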