diff options
| author | Martin Kosek <mkosek@redhat.com> | 2014-03-07 10:06:52 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-03-11 16:55:01 +0100 |
| commit | 740298d1208e92c264ef5752ac3fe6adf1240790 (patch) | |
| tree | 451fbafb19388cf06c56c77622d856df7f24ad03 /daemons | |
| parent | 34c3d309d99d0ebe5eb0b935d356e30d8866c139 (diff) | |
| download | freeipa-740298d1208e92c264ef5752ac3fe6adf1240790.tar.gz freeipa-740298d1208e92c264ef5752ac3fe6adf1240790.tar.xz freeipa-740298d1208e92c264ef5752ac3fe6adf1240790.zip | |
Avoid passing non-terminated string to is_master_host
When string is not terminated, queries with corrupted base may be sent
to LDAP:
... cn=ipa1.example.com<garbage>,cn=masters...
https://fedorahosted.org/freeipa/ticket/4214
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 848127876..a73a3cb46 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, } data = krb5_princ_component(ipactx->context, princ, 1); - strres = malloc(data->length); + strres = malloc(data->length+1); if (strres == NULL) { krb5_free_principal(ipactx->kcontext, princ); return ENOENT; } memcpy(strres, data->data, data->length); + strres[data->length] = '\0'; krb5_free_principal(ipactx->kcontext, princ); /* Only add PAC to TGT to services on IPA masters to allow querying |