* secure.c (secure_putbuf): Revert Sam's last change; if

 	FUDGE_FACTOR is wrong, then badness can happen.  Also, if
 	out_buf.length != nbytes+FUDGE_FACTOR, heap corruption could
 	happen.  We really should be using gss_wrap_size_limit() or
 	something like that, but doing so would require substantial
 	amounts of reworking. [krb5-appl/685]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11228 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 10 insertions, 1 deletions

diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog
index f76c9894d..f275b6ea5 100644
--- a/src/appl/gssftp/ftp/ChangeLog
+++ b/src/appl/gssftp/ftp/ChangeLog
@@ -1,3 +1,12 @@
+Thu Feb 25 23:05:03 1999  Tom Yu  <tlyu@mit.edu>
+
+	* secure.c (secure_putbuf): Revert Sam's last change; if
+ 	FUDGE_FACTOR is wrong, then badness can happen.  Also, if
+ 	out_buf.length != nbytes+FUDGE_FACTOR, heap corruption could
+ 	happen.  We really should be using gss_wrap_size_limit() or
+ 	something like that, but doing so would require substantial
+ 	amounts of reworking. [krb5-appl/685]
+
 1998-11-13  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
 	* Makefile.in: Set the myfulldir and mydir variables (which are
diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c
index 57653b628..48f57f93f 100644
--- a/src/appl/gssftp/ftp/secure.c
+++ b/src/appl/gssftp/ftp/secure.c
@@ -282,7 +282,7 @@ unsigned int nbyte;
 			if (outbuf?
 			    (outbuf = realloc(outbuf, (unsigned) out_buf.length)):
 			    (outbuf = malloc((unsigned) out_buf.length))) {
-				bufsize = nbyte + FUDGE_FACTOR;
+				bufsize = out_buf.length;
 			} else {
 				bufsize = 0;
 				secure_error("%s (in malloc of PROT buffer)",