diff options
| author | Simo Sorce <simo@redhat.com> | 2013-12-27 11:38:10 -0500 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2014-01-15 15:00:03 +0100 |
| commit | d78ad1fc906d1e03b8232e4c9aab831899c26b31 (patch) | |
| tree | 13f51e15986c91ce36c829c3a817ff4a171e7fa6 | |
| parent | a14cb37d199fec9227f668fe107bf38f99b8b842 (diff) | |
| download | gss-proxy-d78ad1fc906d1e03b8232e4c9aab831899c26b31.tar.gz gss-proxy-d78ad1fc906d1e03b8232e4c9aab831899c26b31.tar.xz gss-proxy-d78ad1fc906d1e03b8232e4c9aab831899c26b31.zip | |
Add zero termination when the buffer is a string
This shouldn't be needed but apaprently there are a number of applications
like mod_auth_kerb that just blindly assume the out buffer returned by
gss_diplay_name() is a zero terminated string even though there is no
guarantee it is in the API. To avoid annoying misbehavior we forcibly zero
terminate strings copied and returned by the interposer.
Fixes: https://fedorahosted.org/gss-proxy/ticket/101
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| -rw-r--r-- | proxy/src/client/gpm_import_and_canon_name.c | 3 | ||||
| -rw-r--r-- | proxy/src/gp_conv.c | 21 | ||||
| -rw-r--r-- | proxy/src/gp_conv.h | 1 |
3 files changed, 24 insertions, 1 deletions
diff --git a/proxy/src/client/gpm_import_and_canon_name.c b/proxy/src/client/gpm_import_and_canon_name.c index 68dc6ce..8e1204b 100644 --- a/proxy/src/client/gpm_import_and_canon_name.c +++ b/proxy/src/client/gpm_import_and_canon_name.c @@ -71,7 +71,8 @@ OM_uint32 gpm_display_name(OM_uint32 *minor_status, output_name->name_type.octet_string_val = NULL; } - ret = gp_copy_gssx_to_buffer(&in_name->display_name, output_name_buffer); + ret = gp_copy_gssx_to_string_buffer(&in_name->display_name, + output_name_buffer); if (ret) { ret_min = ret; ret_maj = GSS_S_FAILURE; diff --git a/proxy/src/gp_conv.c b/proxy/src/gp_conv.c index 0b177ee..a9f9669 100644 --- a/proxy/src/gp_conv.c +++ b/proxy/src/gp_conv.c @@ -184,6 +184,27 @@ int gp_copy_gssx_to_buffer(gssx_buffer *in, gss_buffer_t out) return 0; } +int gp_copy_gssx_to_string_buffer(gssx_buffer *in, gss_buffer_t out) +{ + gss_buffer_desc empty = GSS_C_EMPTY_BUFFER; + char *str; + + if (in->octet_string_len == 0) { + *out = empty; + return 0; + } + + str = malloc(in->octet_string_len + 1); + if (!str) { + return ENOMEM; + } + memcpy(str, in->octet_string_val, in->octet_string_len); + str[in->octet_string_len] = '\0'; + out->length = in->octet_string_len; + out->value = str; + return 0; +} + int gp_conv_buffer_to_gssx(gss_buffer_t in, gssx_buffer *out) { return gp_conv_octet_string(in->length, in->value, out); diff --git a/proxy/src/gp_conv.h b/proxy/src/gp_conv.h index c79010d..0ed6d91 100644 --- a/proxy/src/gp_conv.h +++ b/proxy/src/gp_conv.h @@ -43,6 +43,7 @@ int gp_conv_oid_to_gssx_alloc(gss_OID in, gssx_OID **out); void gp_conv_gssx_to_buffer(gssx_buffer *in, gss_buffer_t out); int gp_conv_gssx_to_buffer_alloc(gssx_buffer *in, gss_buffer_t *out); int gp_copy_gssx_to_buffer(gssx_buffer *in, gss_buffer_t out); +int gp_copy_gssx_to_string_buffer(gssx_buffer *in, gss_buffer_t out); int gp_conv_buffer_to_gssx(gss_buffer_t in, gssx_buffer *out); int gp_conv_buffer_to_gssx_alloc(gss_buffer_t in, gssx_buffer **out); |