From 33ada3676c4be83dc22cd7765e3904fe7c9377c6 Mon Sep 17 00:00:00 2001
From: Derrick Brashear <shadow@dementia.org>
Date: Fri, 13 Sep 2002 03:48:45 +0000
Subject: [PATCH] rxkad-client-offer-better-bad-token-warnings-20020912

if it's too large to be a valid token, offer a useful error.
---
 src/afs/afs_pioctl.c     | 1 +
 src/rxkad/rxkad_client.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index e9b108f77..463c703fc 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1360,6 +1360,7 @@ DECL_PIOCTL(PSetTokens)
     ain += sizeof(afs_int32);
     stp	= ain;	/* remember where the ticket is */
     if (i < 0 || i > 2000) return EINVAL;	/* malloc may fail */
+    if (i > MAXKTCTICKETLEN) return EINVAL;
     stLen = i;
     ain	+= i;	/* skip over ticket */
     memcpy((char *)&i, ain, sizeof(afs_int32));
diff --git a/src/rxkad/rxkad_client.c b/src/rxkad/rxkad_client.c
index 042e091db..769c33840 100644
--- a/src/rxkad/rxkad_client.c
+++ b/src/rxkad/rxkad_client.c
@@ -190,6 +190,7 @@ struct rx_securityClass *rxkad_NewClientSecurityObject(
     memcpy((void *)tcp->ivec, (void *)sessionkey, sizeof(tcp->ivec));
     tcp->kvno = kvno;			/* key version number */
     tcp->ticketLen = ticketLen;		/* length of ticket */
+    if (tcp->ticketLen > MAXKTCTICKETLEN) return 0; /* bad key */
     memcpy(tcp->ticket, ticket, ticketLen);
 
     LOCK_RXKAD_STATS
-- 
2.39.5