pullup from 1.2-beta4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12497 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2000-07-01 00:51:58 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2000-07-01 00:51:58 +0000
commit: b63a75c40310afc82e4af5372f92bec2e0a4c67e (patch)
tree: 21afaf6fefb69b3e9692ac78785e8023904713c1 /src/kadmin/v4server/acl_files.c
parent: 7d348b141e39e286d544f0d72173a1a60f6ce434 (diff)
download: krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.gz
krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.xz
krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.zip
1 files changed, 54 insertions, 13 deletions
diff --git a/src/kadmin/v4server/acl_files.c b/src/kadmin/v4server/acl_files.c
index 22a0007de..3e3bbe6d9 100644
--- a/src/kadmin/v4server/acl_files.c
+++ b/src/kadmin/v4server/acl_files.c
@@ -69,7 +69,8 @@ void acl_canonicalize_principal(principal, canon)
 char *principal;
 char *canon;
 {
-    char *dot, *atsign, *end;
+    char *dot, *atsign, *end, *canon_save = canon;
+    char realm[REALM_SZ];
     int len;
 
     dot = strchr(principal, INST_SEP);
@@ -94,18 +95,33 @@ char *canon;
 
     /* Get the principal name */
     len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
-    strncpy(canon, principal, len);
-    canon += len;
+    if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) {
+    	strncpy(canon, principal, len);
+    	canon += len;
+    } else {
+	strcpy(canon, "");
+	return;
+    }
 
     /* Add INST_SEP */
-    *canon++ = INST_SEP;
+    if(canon + 1 < canon_save + MAX_PRINCIPAL_SIZE) {
+    	*canon++ = INST_SEP;
+    } else {
+	strcpy(canon, "");
+	return;
+    }
 
     /* Get the instance, if it exists */
     if(dot != NULL) {
 	++dot;
 	len = MIN(INST_SZ, COR(atsign, end) - dot);
-	strncpy(canon, dot, len);
-	canon += len;
+        if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) {
+	    strncpy(canon, dot, len);
+	    canon += len;
+	} else {
+	    strcpy(canon, "");
+	    return;
+	}
     }
 
     /* Add REALM_SEP */
@@ -116,11 +132,21 @@ char *canon;
     if(atsign != NULL) {
 	++atsign;
 	len = MIN(REALM_SZ, end - atsign);
-	strncpy(canon, atsign, len);
-	canon += len;
-	*canon++ = '\0';
-    } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
-	strcpy(canon, KRB_REALM);
+        if(canon + len + 1 < canon_save + MAX_PRINCIPAL_SIZE) {
+	    strncpy(canon, atsign, len);
+	    canon += len;
+	    *canon++ = '\0';
+	} else {
+	    strcpy(canon, "");
+	    return;
+	}
+    } else if(krb_get_lrealm(realm, 1) != KSUCCESS) {
+        if(canon + strlen(realm) < canon_save + MAX_PRINCIPAL_SIZE) {
+	    strcpy(canon, KRB_REALM);
+	} else {
+	    strcpy(canon, "");
+	    return;
+	}
     }
 }
 	    
@@ -399,7 +425,11 @@ char *name;
     }
 
     /* Set up the acl */
-    strcpy(acl_cache[i].filename, name);
+    if (strlen (name) >= sizeof (acl_cache[i].filename) - 1) {
+	return -1;
+    }
+    strncpy(acl_cache[i].filename, name, sizeof(acl_cache[i].filename) - 1);
+    acl_cache[i].filename[sizeof(acl_cache[i].filename) - 1] = '\0';
     if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
     /* Force reload */
     acl_cache[i].acl = (struct hashtbl *) 0;
@@ -426,7 +456,9 @@ char *name;
 	   while(fgets(buf, sizeof(buf), f) != NULL) {
 	       nuke_whitespace(buf);
 	       acl_canonicalize_principal(buf, canon);
-	       add_hash(acl_cache[i].acl, canon);
+	       if(strlen(canon) > 0) {
+	           add_hash(acl_cache[i].acl, canon);
+	       }
 	   }
 	   fclose(f);
 	   acl_cache[i].status = s;
@@ -459,6 +491,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(0);
+
     /* Is it there? */
     if(acl_exact_match(acl, canon)) return(1);
 
@@ -489,6 +524,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(-1);
+
     if((new = acl_lock_file(acl)) == NULL) return(-1);
     if((acl_exact_match(acl, canon))
        || (idx = acl_load(acl)) < 0) {
@@ -523,6 +561,9 @@ char *principal;
 
     acl_canonicalize_principal(principal, canon);
 
+    /* Is it an invalid principal name? */
+    if(strlen(canon) == 0) return(-1);
+
     if((new = acl_lock_file(acl)) == NULL) return(-1);
     if((!acl_exact_match(acl, canon))
        || (idx = acl_load(acl)) < 0) {
author	Ken Raeburn <raeburn@mit.edu>	2000-07-01 00:51:58 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2000-07-01 00:51:58 +0000
commit	b63a75c40310afc82e4af5372f92bec2e0a4c67e (patch)
tree	21afaf6fefb69b3e9692ac78785e8023904713c1 /src/kadmin/v4server/acl_files.c
parent	7d348b141e39e286d544f0d72173a1a60f6ce434 (diff)
download	krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.gz krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.xz krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.zip