27 lines
834 B
Diff
27 lines
834 B
Diff
From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001
|
|
From: Simon Josefsson <simon@josefsson.org>
|
|
Date: Fri, 15 Jul 2022 16:23:58 +0200
|
|
Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).
|
|
|
|
---
|
|
lib/gssapi/server.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/lib/gssapi/server.c b/lib/gssapi/server.c
|
|
index 5410360b..4ebfda47 100644
|
|
--- a/lib/gssapi/server.c
|
|
+++ b/lib/gssapi/server.c
|
|
@@ -218,6 +218,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
|
|
FALSE, and responds with the generated output_message. The
|
|
client can then consider the server authenticated. */
|
|
|
|
+ if (bufdesc2.length < 4)
|
|
+ return GSASL_AUTHENTICATION_ERROR;
|
|
+
|
|
if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)
|
|
{
|
|
/* Integrity or privacy unsupported */
|
|
--
|
|
GitLab
|
|
|