diff options
author | Ken Raeburn <raeburn@mit.edu> | 2000-07-01 00:51:58 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2000-07-01 00:51:58 +0000 |
commit | b63a75c40310afc82e4af5372f92bec2e0a4c67e (patch) | |
tree | 21afaf6fefb69b3e9692ac78785e8023904713c1 /src/kadmin/v4server | |
parent | 7d348b141e39e286d544f0d72173a1a60f6ce434 (diff) | |
download | krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.gz krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.tar.xz krb5-b63a75c40310afc82e4af5372f92bec2e0a4c67e.zip |
pullup from 1.2-beta4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12497 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v4server')
-rw-r--r-- | src/kadmin/v4server/ChangeLog | 27 | ||||
-rw-r--r-- | src/kadmin/v4server/acl_files.c | 67 | ||||
-rw-r--r-- | src/kadmin/v4server/admin_server.c | 4 | ||||
-rw-r--r-- | src/kadmin/v4server/kadm_err.et | 1 | ||||
-rw-r--r-- | src/kadmin/v4server/kadm_ser_wrap.c | 8 | ||||
-rw-r--r-- | src/kadmin/v4server/kadm_server.c | 3 |
6 files changed, 94 insertions, 16 deletions
diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index 936fcca9a..76b2bd49e 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,30 @@ +2000-05-23 Ken Raeburn <raeburn@mit.edu> + + * admin_server.c (main, case 'r'): Reject realm name that's too + long. + + * acl_files.c (acl_load): Return error if name too long. + + * kadm_err.et (KADM_REALM_TOO_LONG): New error code. + * kadm_ser_wrap.c (kadm_ser_init): Return it instead of truncating + a too-long realm name. + +2000-05-23 Nalin Dahyabhai <nalin@redhat.com> + + * acl_files.c (acl_canonicalize_principal): If the principal name + would be too long, return a zero-length string to mark it as invalid. + (acl_load): Don't add the principal to the hash if it's invalid. + (acl_add): Don't check the principal if it's invalid. + (acl_delete): Don't try to delete the principal if it's invalid. + + * kadm_ser_wrap.c (kadm_ser_init): Truncate "server_parm.krbrlm" + if "realm" is too long. + +2000-05-23 Tom Yu <tlyu@mit.edu> + + * kadm_server.c (kadm_ser_cpw): Add new arg to call to + chpass_principal_util(). + 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, diff --git a/src/kadmin/v4server/acl_files.c b/src/kadmin/v4server/acl_files.c index 22a0007de..3e3bbe6d9 100644 --- a/src/kadmin/v4server/acl_files.c +++ b/src/kadmin/v4server/acl_files.c @@ -69,7 +69,8 @@ void acl_canonicalize_principal(principal, canon) char *principal; char *canon; { - char *dot, *atsign, *end; + char *dot, *atsign, *end, *canon_save = canon; + char realm[REALM_SZ]; int len; dot = strchr(principal, INST_SEP); @@ -94,18 +95,33 @@ char *canon; /* Get the principal name */ len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal); - strncpy(canon, principal, len); - canon += len; + if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) { + strncpy(canon, principal, len); + canon += len; + } else { + strcpy(canon, ""); + return; + } /* Add INST_SEP */ - *canon++ = INST_SEP; + if(canon + 1 < canon_save + MAX_PRINCIPAL_SIZE) { + *canon++ = INST_SEP; + } else { + strcpy(canon, ""); + return; + } /* Get the instance, if it exists */ if(dot != NULL) { ++dot; len = MIN(INST_SZ, COR(atsign, end) - dot); - strncpy(canon, dot, len); - canon += len; + if(canon + len < canon_save + MAX_PRINCIPAL_SIZE) { + strncpy(canon, dot, len); + canon += len; + } else { + strcpy(canon, ""); + return; + } } /* Add REALM_SEP */ @@ -116,11 +132,21 @@ char *canon; if(atsign != NULL) { ++atsign; len = MIN(REALM_SZ, end - atsign); - strncpy(canon, atsign, len); - canon += len; - *canon++ = '\0'; - } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { - strcpy(canon, KRB_REALM); + if(canon + len + 1 < canon_save + MAX_PRINCIPAL_SIZE) { + strncpy(canon, atsign, len); + canon += len; + *canon++ = '\0'; + } else { + strcpy(canon, ""); + return; + } + } else if(krb_get_lrealm(realm, 1) != KSUCCESS) { + if(canon + strlen(realm) < canon_save + MAX_PRINCIPAL_SIZE) { + strcpy(canon, KRB_REALM); + } else { + strcpy(canon, ""); + return; + } } } @@ -399,7 +425,11 @@ char *name; } /* Set up the acl */ - strcpy(acl_cache[i].filename, name); + if (strlen (name) >= sizeof (acl_cache[i].filename) - 1) { + return -1; + } + strncpy(acl_cache[i].filename, name, sizeof(acl_cache[i].filename) - 1); + acl_cache[i].filename[sizeof(acl_cache[i].filename) - 1] = '\0'; if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); /* Force reload */ acl_cache[i].acl = (struct hashtbl *) 0; @@ -426,7 +456,9 @@ char *name; while(fgets(buf, sizeof(buf), f) != NULL) { nuke_whitespace(buf); acl_canonicalize_principal(buf, canon); - add_hash(acl_cache[i].acl, canon); + if(strlen(canon) > 0) { + add_hash(acl_cache[i].acl, canon); + } } fclose(f); acl_cache[i].status = s; @@ -459,6 +491,9 @@ char *principal; acl_canonicalize_principal(principal, canon); + /* Is it an invalid principal name? */ + if(strlen(canon) == 0) return(0); + /* Is it there? */ if(acl_exact_match(acl, canon)) return(1); @@ -489,6 +524,9 @@ char *principal; acl_canonicalize_principal(principal, canon); + /* Is it an invalid principal name? */ + if(strlen(canon) == 0) return(-1); + if((new = acl_lock_file(acl)) == NULL) return(-1); if((acl_exact_match(acl, canon)) || (idx = acl_load(acl)) < 0) { @@ -523,6 +561,9 @@ char *principal; acl_canonicalize_principal(principal, canon); + /* Is it an invalid principal name? */ + if(strlen(canon) == 0) return(-1); + if((new = acl_lock_file(acl)) == NULL) return(-1); if((!acl_exact_match(acl, canon)) || (idx = acl_load(acl)) < 0) { diff --git a/src/kadmin/v4server/admin_server.c b/src/kadmin/v4server/admin_server.c index 90bf087c9..cd8742dea 100644 --- a/src/kadmin/v4server/admin_server.c +++ b/src/kadmin/v4server/admin_server.c @@ -149,6 +149,10 @@ char *argv[]; fascist_cpw = 0; break; case 'r': + if (strlen (optarg) + 1 > REALM_SZ) { + com_err(argv[0], 0, "realm name `%s' too long", optarg); + exit(1); + } (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); break; case 'k': diff --git a/src/kadmin/v4server/kadm_err.et b/src/kadmin/v4server/kadm_err.et index a19273083..07ab9da4b 100644 --- a/src/kadmin/v4server/kadm_err.et +++ b/src/kadmin/v4server/kadm_err.et @@ -54,4 +54,5 @@ ec KADM_INSECURE_PW, "Insecure password rejected" ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" +ec KADM_REALM_TOO_LONG, "Realm name too long" end diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c index bca814d07..42d27aa46 100644 --- a/src/kadmin/v4server/kadm_ser_wrap.c +++ b/src/kadmin/v4server/kadm_ser_wrap.c @@ -47,7 +47,7 @@ kadm_ser_init(inter, realm, params) kadm_ser_init(inter, realm) int inter; /* interactive or from file */ char realm[]; -#endif +#endif { struct servent *sep; struct hostent *hp; @@ -64,7 +64,11 @@ kadm_ser_init(inter, realm) (void) strcpy(server_parm.sname, PWSERV_NAME); (void) strcpy(server_parm.sinst, KRB_MASTER); - (void) strcpy(server_parm.krbrlm, realm); + if (strlen (realm) > REALM_SZ) + return KADM_REALM_TOO_LONG; + (void) strncpy(server_parm.krbrlm, realm, sizeof(server_parm.krbrlm)-1); + server_parm.krbrlm[sizeof(server_parm.krbrlm) - 1] = '\0'; + if (krb5_425_conv_principal(kadm_context, server_parm.sname, server_parm.sinst, server_parm.krbrlm, &server_parm.sprinc)) diff --git a/src/kadmin/v4server/kadm_server.c b/src/kadmin/v4server/kadm_server.c index 687259bf5..886620f31 100644 --- a/src/kadmin/v4server/kadm_server.c +++ b/src/kadmin/v4server/kadm_server.c @@ -309,7 +309,8 @@ int *outlen; *msg_ret = '\0'; } else { retval = kadm5_chpass_principal_util(kadm5_handle, user_princ, - pword, NULL, msg_ret); + pword, NULL, msg_ret, + sizeof(msg_ret)); msg_ptr = msg_ret; } (void) krb5_free_principal(kadm_context, user_princ); |