From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001 From: Simon Josefsson <simon@josefsson.org> Date: Fri, 15 Jul 2022 16:23:58 +0200 Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB). --- gsasl-1.8.0.orig/gssapi/server.c +++ gsasl-1.8.0/gssapi/server.c @@ -232,6 +232,9 @@ _gsasl_gssapi_server_step (Gsasl_session FALSE, and responds with the generated output_message. The client can then consider the server authenticated. */ + if (bufdesc2.length < 4) + return GSASL_AUTHENTICATION_ERROR; + if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0) { /* Integrity or privacy unsupported */