summaryrefslogtreecommitdiffstats
path: root/src/clients
diff options
context:
space:
mode:
Diffstat (limited to 'src/clients')
-rw-r--r--src/clients/ksu/ChangeLog7
-rw-r--r--src/clients/ksu/heuristic.c2
-rw-r--r--src/clients/ksu/krb_auth_su.c4
3 files changed, 11 insertions, 2 deletions
diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog
index 44415a033e..17a1dffe88 100644
--- a/src/clients/ksu/ChangeLog
+++ b/src/clients/ksu/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
+
+ * heuristic.c (get_closest_principal): Don't try to examine
+ principal name components after the last.
+ * krb_auth_su.c (get_best_principal): Check principal name length
+ before examining components.
+
2002-12-23 Ezra Peisach <epeisach@bu.edu>
* authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index c79f943699..85b94b5e25 100644
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -364,7 +364,7 @@ krb5_error_code get_closest_principal(context, plist, client, found)
krb5_data *p2 =
krb5_princ_component(context, temp_client, j);
- if ((p1->length != p2->length) ||
+ if (!p1 || !p2 || (p1->length != p2->length) ||
memcmp(p1->data,p2->data,p1->length)){
got_one = FALSE;
break;
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c
index 6e76149c1f..8e1834240e 100644
--- a/src/clients/ksu/krb_auth_su.c
+++ b/src/clients/ksu/krb_auth_su.c
@@ -547,7 +547,9 @@ krb5_error_code get_best_principal(context, plist, client)
krb5_princ_realm(context, temp_client)->length))){
- if(nelem){
+ if (nelem &&
+ krb5_princ_size(context, *client) > 0 &&
+ krb5_princ_size(context, temp_client) > 0) {
krb5_data *p1 =
krb5_princ_component(context, *client, 0);
krb5_data *p2 =