CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth

[samba.git] / source4 / auth / gensec / gensec_krb5.c

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 866ecc821337d99f221510ff3a1940250ba34ac8..45abbb97b6bba0cd02f2374b8628ce65de0b7730 100644 (file)
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -438,7 +438,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
        struct asn1_data *data;
        DATA_BLOB ret = data_blob_null;
 
-       data = asn1_init(mem_ctx);
+       data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
        if (!data || !ticket->data) {
                return ret;
        }
@@ -472,7 +472,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
 static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
 {
        bool ret = false;
-       struct asn1_data *data = asn1_init(mem_ctx);
+       struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
        int data_remaining;
 
        if (!data) {