From 6742ff42ab3b6e65239f975314060b1393e22d62 Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Wed, 30 Nov 2022 16:11:18 -0800
Subject: [PATCH] heimdal: Fix bus fault when zero-length request received

Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.

PR:		268062
Reported by:	Robert Morris <rtm@lcs.mit.edu>
MFC after:	3 days
---
 crypto/heimdal/lib/krb5/read_message.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
index 4e9bd012dd67..e994b0f09133 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -55,6 +55,11 @@ krb5_read_message (krb5_context context,
 	return HEIM_ERR_EOF;
     }
     len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+    if (len == 0) {
+	krb5_clear_error_message(context);
+	return HEIM_ERR_EOF;
+    }
+
     ret = krb5_data_alloc (data, len);
     if (ret) {
 	krb5_clear_error_message(context);