[Midnightbsd-cvs] src [9314] trunk/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c: Improve error handling when unwrapping received data.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Mar 2 19:12:32 EST 2017
Revision: 9314
http://svnweb.midnightbsd.org/src/?rev=9314
Author: laffer1
Date: 2017-03-02 19:12:32 -0500 (Thu, 02 Mar 2017)
Log Message:
-----------
Improve error handling when unwrapping received data.
Modified Paths:
--------------
trunk/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c
Modified: trunk/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c
===================================================================
--- trunk/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c 2017-03-03 00:10:13 UTC (rev 9313)
+++ trunk/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c 2017-03-03 00:12:32 UTC (rev 9314)
@@ -208,6 +208,8 @@
struct mbuf *n;
int off;
+ if (m == NULL)
+ return;
n = m_getptr(m, len, &off);
if (n) {
n->m_len = off;
@@ -251,10 +253,19 @@
* Extract the MIC and make it contiguous.
*/
cklen = get_uint32(&results);
+ if (!results) {
+ m_freem(message);
+ return (FALSE);
+ }
KASSERT(cklen <= MHLEN, ("unexpected large GSS-API checksum"));
mic = results;
- if (cklen > mic->m_len)
+ if (cklen > mic->m_len) {
mic = m_pullup(mic, cklen);
+ if (!mic) {
+ m_freem(message);
+ return (FALSE);
+ }
+ }
if (cklen != RNDUP(cklen))
m_trim(mic, cklen);
@@ -272,6 +283,8 @@
} else if (svc == rpc_gss_svc_privacy) {
/* Decode databody_priv. */
len = get_uint32(&results);
+ if (!results)
+ return (FALSE);
/* Decrypt databody. */
message = results;
@@ -294,6 +307,8 @@
/* Decode rpc_gss_data_t (sequence number + arguments). */
seq_num = get_uint32(&message);
+ if (!message)
+ return (FALSE);
/* Verify sequence number. */
if (seq_num != seq) {
More information about the Midnightbsd-cvs
mailing list