File krb5-1.6-fix-CVE-2007-5902.dif of Package krb5

Index: src/lib/rpc/svc_auth_gss.c
===================================================================
--- src/lib/rpc/svc_auth_gss.c.orig
+++ src/lib/rpc/svc_auth_gss.c
@@ -671,7 +671,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 
 	gd = SVCAUTH_PRIVATE(auth);
 
-	if (gd->cname.length == 0)
+	if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
 		return (NULL);
 
 	if ((pname = malloc(gd->cname.length + 1)) == NULL)

Places

File krb5-1.6-fix-CVE-2007-5902.dif of Package krb5

Places