From b7cb82d8d2b4c79071bb2d3e2e0c2086d4ae2ec2 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 14 Nov 2012 16:29:14 +0100
Subject: Fix compare_principal_realm() check
In case of a short UPN compare_principal_realm() erroneously returns an error.
---
src/providers/krb5/krb5_common.c | 12 +++---------
src/tests/krb5_utils-tests.c | 6 ++++++
2 files changed, 9 insertions(+), 9 deletions(-)
(limited to 'src')
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index ee3d72525..ed2fffae1 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -898,22 +898,16 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
 errno_t compare_principal_realm(const char *upn, const char *realm,
 bool *different_realm)
 {
- size_t upn_len;
- size_t realm_len;
 char *at_sign;
- if (upn == NULL || realm == NULL || different_realm == NULL) {
+ if (upn == NULL || realm == NULL || different_realm == NULL ||
+ *upn == '\0' || *realm == '\0') {
 return EINVAL;
 }
- upn_len = strlen(upn);
- realm_len = strlen(realm);
 at_sign = strchr(upn, '@');
- /* if coming from the same realm the upn must be at least the size of the
- * realm plus 1 for the '@' char. */
- if (upn_len == 0 || realm_len == 0 || upn_len <= realm_len + 1 ||
- at_sign == NULL) {
+ if (at_sign == NULL) {
 return EINVAL;
 }
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index fe5d8423f..112b4fab6 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
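Review bot: In compare_principal_realm() (src/providers/krb5/krb5_common.c) the remaining `if (at_sign == NULL) {` guard accepts a UPN whose realm part is empty, for example a constructed `user@`, which the removed length comparison often rejected as a side effect. Because the result tells callers whether a principal belongs to the expected realm, degenerate input is better rejected explicitly, e.g. `if (at_sign == NULL || at_sign[1] == '\0') {`. `strchr()` also stops at the first `@`; if names containing more than one `@` can reach this function, `strrchr()` would select the realm component instead, though that depends on the comparison that follows, which lies outside the hunk. `at_sign` could additionally be declared `const char *` to match the constness of `upn`.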
@@ -711,6 +711,12 @@ START_TEST(test_compare_principal_realm)
 fail_unless(ret == EOK, "Failure with different realm");
 fail_unless(different_realm == true, "Different realm but " \
 "different_realm is not true.");
+
+ ret = compare_principal_realm("user@ABC", "REALMNAMELONGERTHANUPN",
+ &different_realm);
+ fail_unless(ret == EOK, "Failure with long realm name.");
+ fail_unless(different_realm == true, "Realm name longer than UPN but "
+ "different_realm is not true.");
 }
 END_TEST
-- cgit
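Review bot: The added case covers only the accepted path; nothing in this hunk exercises the rejection branches the commit rewrites, namely the new empty-string guards and the `at_sign == NULL` check. Negative cases such as `ret = compare_principal_realm("", "REALM", &different_realm);` followed by `fail_unless(ret == EINVAL, "Empty UPN was not rejected.");` would pin that validation, together with an empty realm argument and a UPN without `@`. test_compare_principal_realm starts outside the hunk, so some of these may already be covered earlier in the test.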