diff options
author | Cy Schubert <cy@FreeBSD.org> | 2022-12-01 00:11:18 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2022-12-05 21:50:28 +0000 |
commit | 95240a65fb18985378988d5077fbac43fba30c5c (patch) | |
tree | 8108fa8ad3cbc128543c0c39eba1fca54c86692b | |
parent | 02c5770995e3769f692ec57c6d20c8229e7b4df3 (diff) | |
download | src-95240a65fb18985378988d5077fbac43fba30c5c.tar.gz src-95240a65fb18985378988d5077fbac43fba30c5c.zip |
heimdal: Fix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
(cherry picked from commit 6742ff42ab3b6e65239f975314060b1393e22d62)
-rw-r--r-- | crypto/heimdal/lib/krb5/read_message.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c index 4e9bd012dd67..e994b0f09133 100644 --- a/crypto/heimdal/lib/krb5/read_message.c +++ b/crypto/heimdal/lib/krb5/read_message.c @@ -55,6 +55,11 @@ krb5_read_message (krb5_context context, return HEIM_ERR_EOF; } len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; + if (len == 0) { + krb5_clear_error_message(context); + return HEIM_ERR_EOF; + } + ret = krb5_data_alloc (data, len); if (ret) { krb5_clear_error_message(context); |