authorTom Yu <tlyu@mit.edu>1997-04-10 04:09:08 +0000
committerTom Yu <tlyu@mit.edu>1997-04-10 04:09:08 +0000
commit9aa7e45ddca496e51b60d436eea5e0628838e81a (patch)
tree91bccecd3481766b32ce6e8635467c52b21a79c9 /src/lib
parent06b82a7c7abc400d0c0c5366f7d20105a08dbc3f (diff)
* realmofhost.c (krb_realmofhost): Add bounds checking to various
things. * g_krbhst.c (krb_get_krbhst): Fix to bound fscanf and sscanf. * g_krbrlm.c (krb_get_lrealm): Fix to bound fscanf. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10066 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb4/ChangeLog9
-rw-r--r--src/lib/krb4/g_krbhst.c4
-rw-r--r--src/lib/krb4/g_krbrlm.c6
-rw-r--r--src/lib/krb4/realmofhost.c20
4 files changed, 30 insertions, 9 deletions
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index d00a26da84..a8911e511d 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,12 @@
+Wed Apr 9 23:15:39 1997 Tom Yu <tlyu@mit.edu>
+
+ * realmofhost.c (krb_realmofhost): Add bounds checking to various
+ things.
+
+ * g_krbhst.c (krb_get_krbhst): Fix to bound fscanf and sscanf.
+
+ * g_krbrlm.c (krb_get_lrealm): Fix to bound fscanf.
+
Sat Feb 22 19:02:08 1997 Richard Basch <basch@lehman.com>
* Makefile.in: Use some of the new library list build rules in
diff --git a/src/lib/krb4/g_krbhst.c b/src/lib/krb4/g_krbhst.c
index c95abdb207..529ac07694 100644
--- a/src/lib/krb4/g_krbhst.c
+++ b/src/lib/krb4/g_krbhst.c
@@ -75,7 +75,7 @@ krb_get_krbhst(h,r,n)
cnffile = krb__get_cnffile();
if (!cnffile)
return get_krbhst_default(h, r, n);
- if (fscanf(cnffile,"%s",tr) == EOF)
+ if (fscanf(cnffile,"%39s",tr) == EOF) /* XXX assumes REALM_SZ == 40 */
return get_krbhst_default(h, r, n);
/* run through the file, looking for the nth server for this realm */
for (i = 1; i <= n;) {
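Review bot: The width `39` in `fscanf(cnffile,"%39s",tr)` is a hand-copied `REALM_SZ - 1`, and nothing makes the build fail if `REALM_SZ` ever changes. The same assumption is repeated in the `sscanf` of the next hunk, in `krb_get_lrealm` in g_krbrlm.c, and as `%40s` in realmofhost.c. Assuming `REALM_SZ` is a preprocessor macro, a compile-time guard next to these calls would turn the XXX comment into a check: `#if REALM_SZ != 40` / `#error "scanf field widths assume REALM_SZ == 40"` / `#endif`. The declaration of `tr` is outside the hunk, so this assumes it is `REALM_SZ` bytes, as the comment implies.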
@@ -83,7 +83,7 @@ krb_get_krbhst(h,r,n)
(void) fclose(cnffile);
return get_krbhst_default(h, r, n);
}
- if (sscanf(linebuf, "%s %s", tr, h) != 2)
+ if (sscanf(linebuf, "%39s %1023s", tr, h) != 2) /* REALM_SZ == 40 */
continue;
if (!strcmp(tr,r))
i++;
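Review bot: The `%1023s` bound on `h` protects only callers whose buffer is at least 1024 bytes, and `krb_get_krbhst(h,r,n)` takes no length for `h`, so nothing in the hunk shows that the bound matches the real buffer. If any caller passes a smaller host buffer, a long host name on a configuration line can still write past its end. Either document the contract on the function, e.g. `/* h must point to at least 1024 bytes */`, or scan into a local buffer of known size and copy out only what the documented size of `h` allows. The function body starts and ends outside the hunk.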
diff --git a/src/lib/krb4/g_krbrlm.c b/src/lib/krb4/g_krbrlm.c
index c6f9345856..983150ce40 100644
--- a/src/lib/krb4/g_krbrlm.c
+++ b/src/lib/krb4/g_krbrlm.c
@@ -51,7 +51,11 @@ krb_get_lrealm(r,n)
return(KFAILURE);
}
- if (fscanf(cnffile,"%s",r) != 1) {
+ /*
+ * XXX This assumes REALM_SZ == 40,
+ * and that r is 40 characters long.
+ */
+ if (fscanf(cnffile,"%39s",r) != 1) {
(void) fclose(cnffile);
return(KFAILURE);
}
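Review bot: A realm token longer than 39 characters is now truncated by `%39s` and, as far as the hunk shows, still accepted, so the caller would receive a shortened realm name instead of `KFAILURE`. For a value that names the local realm, rejecting is safer than truncating. Checking the next character does that: `if ((c = getc(cnffile)) != EOF && !isspace(c)) { (void) fclose(cnffile); return(KFAILURE); }`, with `int c` declared among the locals and `<ctype.h>` included if it is not already. The code after the closing brace is outside the hunk, so a later check may already exist there.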
diff --git a/src/lib/krb4/realmofhost.c b/src/lib/krb4/realmofhost.c
index 73af92931d..b15ce94147 100644
--- a/src/lib/krb4/realmofhost.c
+++ b/src/lib/krb4/realmofhost.c
@@ -44,12 +44,16 @@ static char ret_realm[REALM_SZ+1];
KRB5_DLLIMP char FAR * KRB5_CALLCONV
krb_realmofhost(host)
-char FAR *host;
+ char FAR *host;
{
char *domain;
FILE *trans_file;
FILE *krb__get_realmsfile();
- char trans_host[MAXHOSTNAMELEN+1];
+ /*
+ * This used to be MAXHOSTNAMELEN, but we don't know how big
+ * that will necessarily be on all systems, so assume 1024.
+ */
+ char trans_host[1024];
char trans_realm[REALM_SZ+1];
int retval;
struct hostent *h;
@@ -112,24 +116,28 @@ char FAR *host;
/* loop while not exact match, and more entries to read */
while (1) {
- if ((retval = fscanf(trans_file, "%s %s",
+ /* XXX REALM_SZ == 40 */
+ if ((retval = fscanf(trans_file, "%1023s %40s",
trans_host, trans_realm)) != 2) {
if (retval == EOF)
break;
continue; /* ignore broken lines */
}
- trans_host[MAXHOSTNAMELEN] = '\0';
+ trans_host[(MAXHOSTNAMELEN <= 1023) ? MAXHOSTNAMELEN : 1023]
+ = '\0';
trans_realm[REALM_SZ] = '\0';
if (trans_host[0] == '.') {
/* want domain match only */
- if (domain && !strcasecmp (trans_host, domain)) {
+ if (domain && (strlen(trans_host) == strlen(domain))
+ && !strcasecmp (trans_host, domain)) {
/* got domain match, save for later */
(void) strcpy (ret_realm, trans_realm);
continue;
}
} else {
/* want exact match of hostname */
- if (!strcasecmp (trans_host, lhost)) {
+ if ((strlen(lhost) == strlen(trans_host)) &&
+ !strcasecmp (trans_host, lhost)) {
(void) strcpy (ret_realm, trans_realm);
break;
}
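Review bot: With `"%1023s %40s"` an overlong host token is split rather than rejected: its first 1023 characters land in `trans_host`, the following characters of the same token are read as `trans_realm`, `fscanf` returns 2, and later host/realm pairs can be read shifted by a field. Because `%s` treats newlines as ordinary whitespace, the `continue; /* ignore broken lines */` branch does not resynchronise on the next line. Reading one line at a time and parsing it with `sscanf`, as `krb_get_krbhst` does with `linebuf`, keeps a malformed entry from changing which realm a host maps to. The sketch below assumes a new local such as `char linebuf[BUFSIZ]` next to the existing declarations. Separately, the added `strlen` comparisons are redundant, since `strcasecmp` returns 0 only for strings of equal length; the loop body continues outside the hunk.

```c
    /* loop while not exact match, and more entries to read */
    while (fgets(linebuf, sizeof(linebuf), trans_file) != NULL) {
	if (strchr(linebuf, '\n') == NULL && !feof(trans_file)) {
	    /* line longer than linebuf: discard the rest of it */
	    int c;
	    while ((c = getc(trans_file)) != EOF && c != '\n')
		;
	    continue;
	}
	/* XXX REALM_SZ == 40 */
	if (sscanf(linebuf, "%1023s %40s", trans_host, trans_realm) != 2)
	    continue;		/* ignore broken lines */
	if (strlen(trans_host) == 1023)
	    continue;		/* host token filled its buffer */
	/* … unchanged: MAXHOSTNAMELEN truncation, domain and host matching … */
```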