From 2761b06c588d5719976601aa0f9d63b121417702 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Tue, 12 Dec 2006 14:18:54 +0000
Subject: [PATCH] ITS#4775: blind fix for buffer overflow condition in dead KrbIV code (KrbIV code likely should be removed)
---
 servers/slapd/kerberos.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index fd145aaf2f..67d6ad9dd4 100644
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
 Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
+ if( cred->len > sizeof(ktxt->dat) ) {
+ return LDAP_OTHER;
+ }
+
 AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 ktxt->length = cred->bv_len;
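Review bot: The added guard tests `cred->len`, while the copy it is meant to protect reads `cred->bv_val` and `cred->bv_len`, so the bound is checked against a different member than the length actually handed to AC_MEMCPY. The type of `cred` is declared outside the hunk, but if it has no `len` member, as the neighbouring accesses suggest, this will not compile once the Kerberos IV path is built. The guard should read `if( cred->bv_len > sizeof(ktxt->dat) ) {`. A `Debug(...)` trace before `return LDAP_OTHER;` would also make a rejected oversized credential visible in the log instead of failing silently. The body of krbv4_ldap_auth starts and continues outside the hunk.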