From 177b63cfd0473a91e45a05e94047826913e2e128 Mon Sep 17 00:00:00 2001
From: Derrick Brashear <shadow@dementia.org>
Date: Fri, 13 Sep 2002 03:53:19 +0000
Subject: [PATCH] 
 STABLE12-rxkad-client-offer-better-bad-token-warnings-20020912

if it's too large to be a valid token, offer a useful error.


(cherry picked from commit 33ada3676c4be83dc22cd7765e3904fe7c9377c6)
---
 src/afs/afs_pioctl.c     | 1 +
 src/rxkad/rxkad_client.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 242fdbd38..3bae14863 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1432,6 +1432,7 @@ static PGCPAGs(avc, afun, areq, ain, aout, ainSize, aoutSize, acred)
     ain += sizeof(afs_int32);
     stp	= ain;	/* remember where the ticket is */
     if (i < 0 || i > 2000) return EINVAL;	/* malloc may fail */
+    if (i > MAXKTCTICKETLEN) return EINVAL;
     stLen = i;
     ain	+= i;	/* skip over ticket */
     memcpy((char *)&i, ain, sizeof(afs_int32));
diff --git a/src/rxkad/rxkad_client.c b/src/rxkad/rxkad_client.c
index 637ac769f..44cb9ec1f 100644
--- a/src/rxkad/rxkad_client.c
+++ b/src/rxkad/rxkad_client.c
@@ -196,6 +196,7 @@ rxkad_NewClientSecurityObject(level, sessionkey, kvno, ticketLen, ticket)
     memcpy((void *)tcp->ivec, (void *)sessionkey, sizeof(tcp->ivec));
     tcp->kvno = kvno;			/* key version number */
     tcp->ticketLen = ticketLen;		/* length of ticket */
+    if (tcp->ticketLen > MAXKTCTICKETLEN) return 0; /* bad key */
     memcpy(tcp->ticket, ticket, ticketLen);
 
     LOCK_RXKAD_STATS
-- 
2.39.5