diff options
author | Sumit Bose <sbose@redhat.com> | 2012-11-14 16:29:14 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 22:42:46 +0100 |
commit | ba098f8670c680c805531dd2714f32bd2c108860 (patch) | |
tree | 98e00ab4d3c4e92dcd0a7c5581dd75ef844b52f0 | |
parent | 6ef6612dd9e52c879e536a8b06bfeb4408d337b1 (diff) | |
download | sssd-ba098f8670c680c805531dd2714f32bd2c108860.tar.gz sssd-ba098f8670c680c805531dd2714f32bd2c108860.tar.xz sssd-ba098f8670c680c805531dd2714f32bd2c108860.zip |
Fix compare_principal_realm() check
In case of a short UPN compare_principal_realm() erroneously returns an
error.
-rw-r--r-- | src/providers/krb5/krb5_common.c | 12 | ||||
-rw-r--r-- | src/tests/krb5_utils-tests.c | 6 |
2 files changed, 9 insertions, 9 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index ee3d72525..ed2fffae1 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -898,22 +898,16 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, errno_t compare_principal_realm(const char *upn, const char *realm, bool *different_realm) { - size_t upn_len; - size_t realm_len; char *at_sign; - if (upn == NULL || realm == NULL || different_realm == NULL) { + if (upn == NULL || realm == NULL || different_realm == NULL || + *upn == '\0' || *realm == '\0') { return EINVAL; } - upn_len = strlen(upn); - realm_len = strlen(realm); at_sign = strchr(upn, '@'); - /* if coming from the same realm the upn must be at least the size of the - * realm plus 1 for the '@' char. */ - if (upn_len == 0 || realm_len == 0 || upn_len <= realm_len + 1 || - at_sign == NULL) { + if (at_sign == NULL) { return EINVAL; } diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c index 77dc27ca8..bc1890f0b 100644 --- a/src/tests/krb5_utils-tests.c +++ b/src/tests/krb5_utils-tests.c @@ -711,6 +711,12 @@ START_TEST(test_compare_principal_realm) fail_unless(ret == EOK, "Failure with different realm"); fail_unless(different_realm == true, "Different realm but " \ "different_realm is not true."); + + ret = compare_principal_realm("user@ABC", "REALMNAMELONGERTHANUPN", + &different_realm); + fail_unless(ret == EOK, "Failure with long realm name."); + fail_unless(different_realm == true, "Realm name longer than UPN but " + "different_realm is not true."); } END_TEST |