From 2ce37cf706ef4be0616eda966bcf6cf1b0b489a3 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Tue, 15 Mar 2011 19:55:08 +1100
Subject: [PATCH] correct buffer length check when importing name
---
 util_name.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/util_name.c b/util_name.c
index d365f98..70d23e2 100644
--- a/util_name.c
+++ b/util_name.c
@@ -282,7 +282,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
 remain = nameBuffer->length;
 if (flags & EXPORT_NAME_FLAG_OID) {
- if (remain < 6 + GSS_EAP_MECHANISM->length + 4)
+ if (remain < 6 + GSS_EAP_MECHANISM->length)
 return GSS_S_BAD_NAME;
 if (flags & EXPORT_NAME_FLAG_COMPOSITE)
@@ -312,6 +312,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
 }
 /* NAME_LEN */
+ CHECK_REMAIN(4);
 len = load_uint32_be(p);
 UPDATE_REMAIN(4);
-- 
2.1.4
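Review bot: The `6` in `if (remain < 6 + GSS_EAP_MECHANISM->length)` is an unexplained constant in a bounds check on an imported name, and with the `+ 4` gone a reader can no longer tell which fields it is meant to cover. If it is the exported-name header (two-byte TOK_ID, two-byte MECH_OID_LEN, one-byte DER tag and one-byte DER length), a comment such as `/* TOK_ID(2) + MECH_OID_LEN(2) + OID tag and length(2) */` above the check would say so. The check also sizes the header by the local mechanism's OID length rather than by the length carried in the buffer, so the field-by-field parsing that follows, which is outside this hunk, still has to bound each read on its own; presumably it does so with CHECK_REMAIN, but that is worth confirming.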
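Review bot: `len` is loaded from the imported buffer right after the new `CHECK_REMAIN(4);`, and the hunk ends at `UPDATE_REMAIN(4);` before showing how it is used, so please confirm that a `CHECK_REMAIN(len);` or an equivalent comparison against `remain` runs before the name bytes are copied or parsed. The commit touches only util_name.c and adds no regression test. A case that imports a name buffer shorter than four bytes with EXPORT_NAME_FLAG_OID clear, and expects an error return, would pin the path that, as far as this diff shows, had no length check before NAME_LEN was read.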