[CVE-2020-8625] Fix off-by-one bug in ISC SPNEGO implementation

See merge request isc-private/bind9!235 https://kb.isc.org/v1/docs/cve-2020-8625 Change-Id: Ic341e6aa2d32084c7c50f53dff9e70a219b5ddd6
author: Seonah Moon <seonah1.moon@samsung.com> 2023-02-20 13:59:20 +0900
committer: seonah moon <seonah1.moon@samsung.com> 2023-02-20 07:34:39 +0000
commit: 69d5f318491054e9d38d44f2baa01e1cba619e7b (patch)
tree: 2ec3ae5548a53649bb01fffa778afaf80afd9028 /lib
parent: 99c991f31d46e6beac2a48e99cbd4c3064f27d75 (diff)
download: bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.tar.gz
bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.tar.bz2
bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index 0e84f315..fc7120c8 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -83,7 +83,7 @@
  *
  * ----------------------------------------------------------------
  *
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H?gskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -876,7 +876,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
 		return (ASN1_OVERRUN);
 	}
 
-	data->components = malloc(len * sizeof(*data->components));
+	data->components = malloc((len + 1) * sizeof(*data->components));
 	if (data->components == NULL) {
 		return (ENOMEM);
 	}
author	Seonah Moon <seonah1.moon@samsung.com>	2023-02-20 13:59:20 +0900
committer	seonah moon <seonah1.moon@samsung.com>	2023-02-20 07:34:39 +0000
commit	69d5f318491054e9d38d44f2baa01e1cba619e7b (patch)
tree	2ec3ae5548a53649bb01fffa778afaf80afd9028 /lib
parent	99c991f31d46e6beac2a48e99cbd4c3064f27d75 (diff)
download	bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.tar.gz bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.tar.bz2 bind-69d5f318491054e9d38d44f2baa01e1cba619e7b.zip