-^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_missing_payload.none
-^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_dce_style_with_seal_missing_payload.none
-^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_8_bytes.none
-^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_missing_payload.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_truncated_header_0.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_0.none
^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_padding_truncated_1.none
-^samba.unittests.auth.heimdal_gensec_unwrap_des.test_unwrap_with_seal_missing_payload.none
if (IS_DCE_STYLE(context_handle)) {
token_len = 22 + 8 + 15; /* 45 */
+ if (input_message_buffer->length < token_len)
+ return GSS_S_BAD_MECH;
} else {
token_len = input_message_buffer->length;
}
if (ret)
return ret;
+ len = (p - (u_char *)input_message_buffer->value)
+ + 22 + 8;
+ if (input_message_buffer->length < len)
+ return GSS_S_BAD_MECH;
+
if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
p += 2;
if (IS_DCE_STYLE(context_handle)) {
token_len = 34 + 8 + 15; /* 57 */
+ if (input_message_buffer->length < token_len)
+ return GSS_S_BAD_MECH;
} else {
token_len = input_message_buffer->length;
}
if (ret)
return ret;
+ len = (p - (u_char *)input_message_buffer->value)
+ + 34 + 8;
+ if (input_message_buffer->length < len)
+ return GSS_S_BAD_MECH;
+
if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
return GSS_S_BAD_SIG;
p += 2;