diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-06-08 18:40:22 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-06-08 18:40:22 -0400 |
| commit | cf520a2d2ed60360f6bad145ef749a10723bc4da (patch) | |
| tree | ddbec1fe206e9d5a3790dc5b22c4312b6fa76059 /src | |
| parent | 103456df347d6ea68b1a6f0657b50d5f23a47a37 (diff) | |
| download | krb5-cf520a2d2ed60360f6bad145ef749a10723bc4da.tar.gz krb5-cf520a2d2ed60360f6bad145ef749a10723bc4da.tar.xz krb5-cf520a2d2ed60360f6bad145ef749a10723bc4da.zip | |
Clean up default_an_to_ln and fix a minor leak
The default realm could be leaked if the principal had the wrong
number of components. Reported by Russ Allbery.
ticket: 7161
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/os/an_to_ln.c | 58 |
1 files changed, 23 insertions, 35 deletions
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index a5846c78bc..8108f3478b 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -599,46 +599,34 @@ cleanup: * that name is returned as the lname. */ static krb5_error_code -default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigned int lnsize, char *lname) +default_an_to_ln(krb5_context context, krb5_const_principal aname, + const unsigned int lnsize, char *lname) { - krb5_error_code retval; + krb5_error_code ret; char *def_realm; - unsigned int realm_length; - - realm_length = krb5_princ_realm(context, aname)->length; - - if ((retval = krb5_get_default_realm(context, &def_realm))) { - return(retval); - } - if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) { - free(def_realm); - return KRB5_LNAME_NOTRANS; - } - if (krb5_princ_size(context, aname) != 1) { - if (krb5_princ_size(context, aname) == 2 ) { - /* Check to see if 2nd component is the local realm. */ - if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm, - realm_length) || - realm_length != krb5_princ_component(context, aname,1)->length) - return KRB5_LNAME_NOTRANS; - } - else - /* no components or more than one component to non-realm part of name - --no translation. */ - return KRB5_LNAME_NOTRANS; + ret = krb5_get_default_realm(context, &def_realm); + if (ret) + return ret; + + if (!data_eq_string(aname->realm, def_realm)) { + ret = KRB5_LNAME_NOTRANS; + } else if (aname->length == 2) { + /* Check to see if second component is the local realm. */ + if (!data_eq_string(aname->data[1], def_realm)) + ret = KRB5_LNAME_NOTRANS; + } else if (aname->length != 1) { + ret = KRB5_LNAME_NOTRANS; } - free(def_realm); - strncpy(lname, krb5_princ_component(context, aname,0)->data, - min(krb5_princ_component(context, aname,0)->length,lnsize)); - if (lnsize <= krb5_princ_component(context, aname,0)->length ) { - retval = KRB5_CONFIG_NOTENUFSPACE; - } else { - lname[krb5_princ_component(context, aname,0)->length] = '\0'; - retval = 0; - } - return retval; + if (ret) + return ret; + + if (aname->data[0].length >= lnsize) + return KRB5_CONFIG_NOTENUFSPACE; + memcpy(lname, aname->data[0].data, aname->data[0].length); + lname[aname->data[0].length] = '\0'; + return 0; } /* |