From ba9341c7de216acea5fc194fb42944714553a1a5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 15 Feb 2002 23:11:13 +0000
Subject: Try not to malloc -1 bytes (apx 4GB) when the data is already in
 error.

Andrew Bartlett
(This used to be commit ad1faf8fa4019cb57fbb7f311f6d4943359bcd45)
---
 source3/libsmb/clispnego.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'source3/libsmb/clispnego.c')

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index a962953b90..a4fcfa5d9a 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -247,13 +247,23 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
 {
 	BOOL ret;
 	ASN1_DATA data;
+	int data_remaining;
 
 	asn1_load(&data, blob);
 	asn1_start_tag(&data, ASN1_APPLICATION(0));
 	asn1_check_OID(&data, OID_KERBEROS5);
 	asn1_check_BOOLEAN(&data, 0);
-	*ticket = data_blob(data.data, asn1_tag_remaining(&data));
-	asn1_read(&data, ticket->data, ticket->length);
+
+	data_remaining = asn1_tag_remaining(&data);
+
+	if (data_remaining < 1) {
+		data.has_error = True;
+	} else {
+		
+		*ticket = data_blob(data.data, data_remaining);
+		asn1_read(&data, ticket->data, ticket->length);
+	}
+
 	asn1_end_tag(&data);
 
 	ret = !data.has_error;
-- 
cgit