authorKen Raeburn <raeburn@mit.edu>1999-09-01 21:50:32 +0000
committerKen Raeburn <raeburn@mit.edu>1999-09-01 21:50:32 +0000
commit6772cbcb5be8aa088e5bcfbe1db78edb83fd07d7 (patch)
tree4d1bf12074e361422b682fd61f66e0d5ed734c3c /src
parentcdb1b0fc4869d3a6362b6c8f3bed7b6644d9a926 (diff)
jaltman's principal-name check from 1.1 branch, indentation fixed
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11776 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/appl/telnet/libtelnet/ChangeLog4
-rw-r--r--src/appl/telnet/libtelnet/kerberos5.c27
2 files changed, 29 insertions, 2 deletions
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index c3a779a42f..61e3fc8e31 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,7 @@
+1999-08-31 17:28 Jeffrey Altman <jaltman@columbia.edu>
+
+ * kerberos5.c: Ensure that only "host" service tickets are accepted.
+
Wed Feb 3 22:59:27 1999 Theodore Y. Ts'o <tytso@mit.edu>
* kerberos5.c: Increase size of str_data so that we can accept
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 73b2c8780f..3fa9ca43b4 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -377,7 +377,7 @@ kerberos5_is(ap, data, cnt)
#ifdef ENCRYPTION
Session_Key skey;
#endif
- char errbuf[128];
+ char errbuf[320];
char *name;
char *getenv();
krb5_data inbuf;
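Review bot: The new `errbuf` size of `320` is a bare number whose justification lives elsewhere in the patch: it must hold the 256-byte `princ` buffer plus the fixed text of the "incorrect service name" message that the next hunk formats with `sprintf`, and `eerrbuf[329]` at `errout:` is this size plus the nine characters of "telnetd: ". Nothing ties the three values together, so a later change to the 256 limit or to the message text could turn the unbounded `sprintf`/`strcat` calls into overflows without any compiler complaint. I would add a comment here such as `/* holds a 255-byte service name component plus the fixed error text */` and declare the second buffer as `char eerrbuf[sizeof(errbuf) + sizeof("telnetd: ")];`. The body of kerberos5_is starts and ends outside this hunk.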
@@ -423,6 +423,29 @@ kerberos5_is(ap, data, cnt)
(void) strcat(errbuf, error_message(r));
goto errout;
}
+
+ /*
+ * 256 bytes should be much larger than any reasonable
+ * first component of a service name especially since
+ * the default is of length 4.
+ */
+ if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
+ char princ[256];
+ strncpy(princ,
+ krb5_princ_component(telnet_context, ticket->server,0)->data,
+ krb5_princ_component(telnet_context, ticket->server,0)->length);
+ princ[krb5_princ_component(telnet_context,
+ ticket->server,0)->length] = '\0';
+ if (strcmp("host", princ)) {
+ (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
+ princ, "host");
+ goto errout;
+ }
+ } else {
+ (void) strcpy(errbuf, "service name too long");
+ goto errout;
+ }
+
r = krb5_auth_con_getauthenticator(telnet_context,
auth_context,
&authenticator);
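Review bot: The service-name test compares C strings, so it is not length-aware: `strncpy` stops at the first NUL in the component data and `strcmp` sees only what precedes it, so a first component longer than four bytes that begins with `host\0` would compare equal to "host". Comparing the counted data directly avoids that, e.g. `krb5_data *svc = krb5_princ_component(telnet_context, ticket->server, 0);` followed by `if (svc->length != 4 || memcmp(svc->data, "host", 4) != 0)`; the bounded copy into `princ` is then needed only for the error text. Holding the component in a local also removes the four repeated macro expansions and gives one place to reject a server principal with no components, a case the new code appears to assume cannot happen. kerberos5_is continues outside the hunk.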
@@ -557,7 +580,7 @@ kerberos5_is(ap, data, cnt)
errout:
{
- char eerrbuf[128+9];
+ char eerrbuf[329];
strcpy(eerrbuf, "telnetd: ");
strcat(eerrbuf, errbuf);