merge from krb5-1-2-beta4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12427 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 13 insertions, 3 deletions

diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog
index 2f63d09fe4..a97ea811a4 100644
--- a/src/tests/verify/ChangeLog
+++ b/src/tests/verify/ChangeLog
@@ -1,3 +1,12 @@
+2000-05-11  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* kdb5_verify.c (main): Make sure buffer "principal_string" is
+	properly terminated.
+
+2000-05-08  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* kdb5_verify.c (main): Don't overflow buffer "tmp".
+
 1999-10-26  Wilfredo Sanchez  <tritan@mit.edu>
 
 	* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index bfb0661369..e4277b18c6 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -131,7 +131,8 @@ char *argv[];
 	    mkey_password = optarg;
 	    break;
 	case 'p':                       /* prefix name to check */
-	    strcpy(principal_string, optarg);
+	    strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+	    principal_string[sizeof(principal_string) - 1] = '\0';
 	    suffix = principal_string + strlen(principal_string);
 	    break;
        case 'n':                        /* how many to check */
@@ -199,9 +200,9 @@ char *argv[];
       if (check_princ(context, str_princ)) errors++;
 
       for (i = 2; i <= depth; i++) {
-	tmp2[0] = '\0';
 	(void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i);
-	strcat(tmp, tmp2);
+	tmp2[sizeof(tmp2) - 1] = '\0';
+	strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
 	str_princ = tmp;
 	if (check_princ(context, str_princ)) errors++;
       }