CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
heimdal: CVE-2022-41916: Check for overflow in _gsskrb5_get_mech()
author Cy Schubert <cy@FreeBSD.org>
Thu, 15 Feb 2024 00:54:46 +0000 (16:54 -0800)
committer Cy Schubert <cy@FreeBSD.org>
Thu, 15 Feb 2024 21:27:55 +0000 (13:27 -0800)
commit 9286d46a794f25482880d29864a8901ef6666fae
tree dd5650a0e73997d5a404156830ccaffad15b6c99
parent 24339377490f9e362d040712b534d2963decd2d7
heimdal: CVE-2022-41916: Check for overflow in _gsskrb5_get_mech()

Apply upstream 22749e918 to fix a buffer overflow.

Upstream notes:

    If len_len is equal to total_len - 1 (i.e. the input consists only of a
    0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
    used as the 'len' parameter to der_get_length(), will overflow to
    SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
    whatever data follows in memory. Add a check to ensure that doesn't
    happen.

This is similar to samba CVE-2022-3437.

Reported by: emaste
Security: CVE-2022-41916
Obtained from: upstream 22749e918
MFC after: 1 week
crypto/heimdal/lib/gssapi/krb5/decapsulate.c
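
The wraparound described in the upstream notes, as an added example that is not part of this commit or of Heimdal's source: it evaluates the quoted expression on a two-byte token (a 0x60 byte plus a one-byte length) and shows a guard that rejects the input before the subtraction can wrap. All function names, the simplified length-field helper and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size in bytes of the DER length field at p, or 0 if it is malformed or
 * does not fit in avail bytes. Hypothetical helper, not Heimdal's API. */
static size_t der_length_field_size(const unsigned char *p, size_t avail)
{
    if (avail == 0)
        return 0;
    if (p[0] < 0x80)                 /* short form: a single byte */
        return 1;
    size_t n = p[0] & 0x7f;          /* long form: n length bytes follow */
    return (n == 0 || n > sizeof(size_t) || n > avail - 1) ? 0 : 1 + n;
}

/* The expression quoted in the commit message, with no guard: size_t is
 * unsigned, so a result below zero wraps around to a huge value. */
size_t inner_budget_unchecked(size_t total_len, size_t len_len)
{
    return total_len - 1 - len_len - 1;
}

/* Same quantity, refusing inputs that would wrap. Returns 0 on success. */
int inner_budget_checked(size_t total_len, size_t len_len, size_t *out)
{
    if (total_len < 2 || len_len > total_len - 2)
        return -1;
    *out = total_len - 2 - len_len;
    return 0;
}

/* Bytes available after the header, or -1 if the token is too short. */
int token_inner_budget(const unsigned char *tok, size_t total_len, size_t *out)
{
    if (total_len < 1 || tok[0] != 0x60)
        return -1;
    size_t len_len = der_length_field_size(tok + 1, total_len - 1);
    if (len_len == 0)
        return -1;
    return inner_budget_checked(total_len, len_len, out);
}

/* Constructed sample: a 0x60 tag and a one-byte length, nothing else. */
static const unsigned char sample_token[] = { 0x60, 0x00 };
int main(void)
{
    size_t out = 0, n = sizeof sample_token;
    printf("unchecked: %zu, checked: %d\n", inner_budget_unchecked(n, 1),
           token_inner_budget(sample_token, n, &out));
}
```

Any parser that derives a remaining-bytes count by subtracting header sizes from an unsigned total needs the comparison before the subtraction, not after it.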