[src/trunk]: src/lib/libtelnet Avoid buffer overflow, reported by Colin Perci...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8e5a86caca94
branches:  trunk
changeset: 772199:8e5a86caca94
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Dec 23 16:48:16 2011 +0000

description:
Avoid buffer overflow, reported by Colin Percival at FreeBSD

diffstat:

 lib/libtelnet/encrypt.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (27 lines):

diff -r 66f8883928ac -r 8e5a86caca94 lib/libtelnet/encrypt.c
--- a/lib/libtelnet/encrypt.c   Fri Dec 23 16:38:50 2011 +0000
+++ b/lib/libtelnet/encrypt.c   Fri Dec 23 16:48:16 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: encrypt.c,v 1.14 2007/01/17 23:24:22 hubertf Exp $     */
+/*     $NetBSD: encrypt.c,v 1.15 2011/12/23 16:48:16 christos Exp $    */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -33,7 +33,7 @@
 #if 0
 static char sccsid[] = "@(#)encrypt.c  8.2 (Berkeley) 5/30/95";
 #else
-__RCSID("$NetBSD: encrypt.c,v 1.14 2007/01/17 23:24:22 hubertf Exp $");
+__RCSID("$NetBSD: encrypt.c,v 1.15 2011/12/23 16:48:16 christos Exp $");
 #endif /* not lint */
 
 /*
@@ -765,6 +765,8 @@
                if (ep->keyid)
                        (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
 
+       } else if (len > sizeof(kp->keyid)) {
+               return;
        } else if ((len != kp->keylen) ||
                   (memcmp(keyid, kp->keyid, len) != 0)) {
                /*