1 --- lib/krb5/recvauth.c.orig	2022-09-15 16:54:19.000000000 -0700
2 +++ lib/krb5/recvauth.c	2022-11-21 14:37:31.130429000 -0800
3 @@ -98,7 +98,7 @@
4      const char *version = KRB5_SENDAUTH_VERSION;
5      char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
6      char *her_appl_version;
7 -    uint32_t len;
8 +    uint32_t len, bytes;
9      u_char repl;
10      krb5_data data;
11      krb5_flags ap_options;
12 @@ -166,15 +166,21 @@
13  	krb5_net_write (context, p_fd, &repl, 1);
14  	return krb5_enomem(context);
15      }
16 -    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
17 -	|| !(*match_appl_version)(match_data, her_appl_version)) {
18 -	repl = 2;
19 -	krb5_net_write (context, p_fd, &repl, 1);
20 -	krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
21 -			       N_("wrong sendauth application version (%s)", ""),
22 -			       her_appl_version);
23 -	free (her_appl_version);
24 -	return KRB5_SENDAUTH_BADAPPLVERS;
25 +    if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) {
26 +	/* PR/267884: String read must always conatain a terminating NUL */
27 +	if (strnlen(her_appl_version, len) == len)
28 +		her_appl_version[len-1] = '\0';
29 +
30 +	if (bytes != len ||
31 +		!(*match_appl_version)(match_data, her_appl_version)) {
32 +		repl = 2;
33 +		krb5_net_write (context, p_fd, &repl, 1);
34 +		krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
35 +				       N_("wrong sendauth application version (%s)", ""),
36 +				       her_appl_version);
37 +		free (her_appl_version);
38 +		return KRB5_SENDAUTH_BADAPPLVERS;
39 +    	}
40      }
41      free (her_appl_version);
42 
43