don't trust size sent by (rogue) server; noted by s.esser@e-matters.de

author: markus <markus@openbsd.org> 2002-03-14 15:24:27 +0000
committer: markus <markus@openbsd.org> 2002-03-14 15:24:27 +0000
commit: 9db67ba01a64d55614a0e1803c5ecb961297f40b (patch)
tree: 04c1f30a28e75a3e636111cde3765928f975c356
parent: Remove \n from err/errx/warn/warnx(). (diff)
download: wireguard-openbsd-9db67ba01a64d55614a0e1803c5ecb961297f40b.tar.xz
wireguard-openbsd-9db67ba01a64d55614a0e1803c5ecb961297f40b.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index d7722f4b9bf..393694138f6 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.48 2002/02/11 16:15:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.49 2002/03/14 15:24:27 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -459,6 +459,8 @@ try_krb4_authentication(void)
 
 		/* Get server's response. */
 		reply = packet_get_string((u_int *) &auth.length);
+		if (auth.length >= MAX_KTXT_LEN)
+			fatal("Kerberos v4: Malformed response from server");
 		memcpy(auth.dat, reply, auth.length);
 		xfree(reply);
author	markus <markus@openbsd.org>	2002-03-14 15:24:27 +0000
committer	markus <markus@openbsd.org>	2002-03-14 15:24:27 +0000
commit	9db67ba01a64d55614a0e1803c5ecb961297f40b (patch)
tree	04c1f30a28e75a3e636111cde3765928f975c356
parent	Remove \n from err/errx/warn/warnx(). (diff)
download	wireguard-openbsd-9db67ba01a64d55614a0e1803c5ecb961297f40b.tar.xz wireguard-openbsd-9db67ba01a64d55614a0e1803c5ecb961297f40b.zip