authorHerb Lewis <herb@samba.org>2002-02-16 00:10:51 +0000
committerHerb Lewis <herb@samba.org>2002-02-16 00:10:51 +0000
commit7e1e517b625f3c737391470ec614cbaea3047eae (patch)
tree7d98a8a517dcebd0aa26373319228213527442ec
parent49ebd50efd11bfea950e904d28eadf42b08ad74d (diff)
merge from head
Try not to malloc -1 bytes (apx 4GB) when the data is already in error.
-rw-r--r--source/libsmb/clispnego.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/source/libsmb/clispnego.c b/source/libsmb/clispnego.c
index 784463566f3..512a2f60332 100644
--- a/source/libsmb/clispnego.c
+++ b/source/libsmb/clispnego.c
@@ -248,13 +248,22 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
{
BOOL ret;
ASN1_DATA data;
+ int ata_remaining;
asn1_load(&data, blob);
asn1_start_tag(&data, ASN1_APPLICATION(0));
asn1_check_OID(&data, OID_KERBEROS5);
asn1_check_BOOLEAN(&data, 0);
- *ticket = data_blob(data.data, asn1_tag_remaining(&data));
- asn1_read(&data, ticket->data, ticket->length);
+
+ data_remaining = asn1_tag_remaining(&data);
+
+ if (data_remaining < 1) {
+ data.has_error = True;
+ } else {
+ *ticket = data_blob(data.data, data_remaining);
+ asn1_read(&data, ticket->data, ticket->length);
+ }
+
asn1_end_tag(&data);
ret = !data.has_error;
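Review bot: On the new error branch (`data_remaining < 1`) `*ticket` is never assigned, so a caller that inspects or frees the blob without first checking the return value would be using whatever the out-parameter held before the call. Setting `*ticket = data_blob(NULL, 0);` next to `data.has_error = True;` would give it a defined empty value, assuming data_blob returns an empty blob for a zero length, which should be confirmed. The guard also rejects a zero-length remainder, not only the -1 the commit message describes, so a short comment would help, for example `/* asn1_tag_remaining() can be negative once the parse is in error; never size an allocation from it */`. As shown here the declaration reads `int ata_remaining;` while every use is `data_remaining`, so the names need to agree unless that is a rendering artifact of this page. The function body continues past the end of the hunk.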