Try not to malloc -1 bytes (apx 4GB) when the data is already in error.

Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2002-02-15 23:11:13 +0000
committer: Andrew Bartlett <abartlet@samba.org> 2002-02-15 23:11:13 +0000
commit: ad1faf8fa4019cb57fbb7f311f6d4943359bcd45 (patch)
tree: 246831f252b3730e20e26c987efc2cd3a97a630f /source/libsmb/clispnego.c
parent: b6d5d02aa1bf0caa28343dc87444f049c5fd8ce5 (diff)
download: samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.tar.gz
samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.tar.xz
samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.zip
1 files changed, 12 insertions, 2 deletions
diff --git a/source/libsmb/clispnego.c b/source/libsmb/clispnego.c
index a962953b901..a4fcfa5d9a9 100644
--- a/source/libsmb/clispnego.c
+++ b/source/libsmb/clispnego.c
@@ -247,13 +247,23 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
 {
 	BOOL ret;
 	ASN1_DATA data;
+	int data_remaining;
 
 	asn1_load(&data, blob);
 	asn1_start_tag(&data, ASN1_APPLICATION(0));
 	asn1_check_OID(&data, OID_KERBEROS5);
 	asn1_check_BOOLEAN(&data, 0);
-	*ticket = data_blob(data.data, asn1_tag_remaining(&data));
-	asn1_read(&data, ticket->data, ticket->length);
+
+	data_remaining = asn1_tag_remaining(&data);
+
+	if (data_remaining < 1) {
+		data.has_error = True;
+	} else {
+		
+		*ticket = data_blob(data.data, data_remaining);
+		asn1_read(&data, ticket->data, ticket->length);
+	}
+
 	asn1_end_tag(&data);
 
 	ret = !data.has_error;
author	Andrew Bartlett <abartlet@samba.org>	2002-02-15 23:11:13 +0000
committer	Andrew Bartlett <abartlet@samba.org>	2002-02-15 23:11:13 +0000
commit	ad1faf8fa4019cb57fbb7f311f6d4943359bcd45 (patch)
tree	246831f252b3730e20e26c987efc2cd3a97a630f /source/libsmb/clispnego.c
parent	b6d5d02aa1bf0caa28343dc87444f049c5fd8ce5 (diff)
download	samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.tar.gz samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.tar.xz samba-ad1faf8fa4019cb57fbb7f311f6d4943359bcd45.zip