From 922d856d600f35f6599061435fb86a4ed56938d0 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sat, 16 Dec 2006 01:39:41 +0000
Subject: [PATCH] ITS#4775: blind fix for buffer overflow condition in dead
 KrbIV code

---
 servers/slapd/kerberos.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index 225b8d1421..e4b408c35b 100644
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -41,6 +41,10 @@ krbv4_ldap_auth(
 
 	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
 
+	if( cred->len > sizeof(ktxt->dat) ) {
+		return LDAP_OTHER;
+	}
+
 	AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 	ktxt->length = cred->bv_len;
 
-- 
GitLab