aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2022-12-01 00:11:18 +0000
committerCy Schubert <cy@FreeBSD.org>2022-12-05 21:50:28 +0000
commit95240a65fb18985378988d5077fbac43fba30c5c (patch)
tree8108fa8ad3cbc128543c0c39eba1fca54c86692b
parent02c5770995e3769f692ec57c6d20c8229e7b4df3 (diff)
downloadsrc-95240a65fb18985378988d5077fbac43fba30c5c.tar.gz
src-95240a65fb18985378988d5077fbac43fba30c5c.zip
heimdal: Fix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to free malloc()ed pointers within the requests softc. Return an error when the request is zero length. PR: 268062 Reported by: Robert Morris <rtm@lcs.mit.edu> (cherry picked from commit 6742ff42ab3b6e65239f975314060b1393e22d62)
Diffstat
-rw-r--r--crypto/heimdal/lib/krb5/read_message.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
index 4e9bd012dd67..e994b0f09133 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -55,6 +55,11 @@ krb5_read_message (krb5_context context,
return HEIM_ERR_EOF;
}
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+ if (len == 0) {
+ krb5_clear_error_message(context);
+ return HEIM_ERR_EOF;
+ }
+
ret = krb5_data_alloc (data, len);
if (ret) {
krb5_clear_error_message(context);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 06:06:01 +0000