X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fkerberos.c;h=e43bd0b45c1289355d134a2670ccc6aa1b3b3fa2;hb=6661a26e9bc2f2fa8dd14f573a9d72acd0c5bfae;hp=b7c6d70917997db89566c495cb8b6163d3b3e824;hpb=fda3d6260e25f1d0b9c035b0d520b2c9d0f22e49;p=openldap

diff --git a/servers/slapd/kerberos.c b/servers/slapd/kerberos.c
index b7c6d70917..e43bd0b45c 100644
--- a/servers/slapd/kerberos.c
+++ b/servers/slapd/kerberos.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -41,12 +41,16 @@ krbv4_ldap_auth(
 
 	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
 
+	if( cred->len > sizeof(ktxt->dat) ) {
+		return LDAP_OTHER;
+	}
+
 	AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
 	ktxt->length = cred->bv_len;
 
 	strcpy( instance, "*" );
 	if ( (err = krb_rd_req( ktxt, LDAP_KRB_PRINCIPAL, instance, 0L, ad,
-	    SLAPD_GLOBAL(ldap_srvtab) )) != KSUCCESS ) {
+	    ldap_srvtab )) != KSUCCESS ) {
 		Debug( LDAP_DEBUG_ANY, "krb_rd_req failed (%s)\n",
 		    krb_err_txt[err], 0, 0 );
 		return( LDAP_INVALID_CREDENTIALS );