libgsasl-1.10.0-3.mga9.src.rpm

From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 15 Jul 2022 16:23:58 +0200
Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).

--- gsasl-1.8.0.orig/gssapi/server.c
+++ gsasl-1.8.0/gssapi/server.c
@@ -232,6 +232,9 @@ _gsasl_gssapi_server_step (Gsasl_session
          FALSE, and responds with the generated output_message.  The
          client can then consider the server authenticated. */
 
+      if (bufdesc2.length < 4)
+	return GSASL_AUTHENTICATION_ERROR;
+
       if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)
 	{
 	  /* Integrity or privacy unsupported */
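Review bot: The early return added under `if (bufdesc2.length < 4)` exits without touching `bufdesc2`, and nothing in the hunk shows the buffer being released on that path. If `bufdesc2` is allocated by the GSS library at this point, release it before returning `GSASL_AUTHENTICATION_ERROR` so that a malformed short token cannot be used to leak memory on every failed attempt. The constant 4 also needs a short comment: the visible code only reads byte `[0]`, so a reader cannot tell from here that the bound covers the full token (one security-layer octet followed by a three-octet maximum buffer size in the SASL GSSAPI mechanism) rather than just the first byte.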