* do_as_req.c (process_as_req), do_tgs_req (process_tgs_req): Use

		limit_string() to make sure the length of cname and sname
		are reasonable.

	* kdc_util.c (limit_string): New function which limits the strings
		that will end up in log files to "reasonable" lengths.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10091 dc483132-0cff-0310-8789-dd5450dbe970

5 files changed, 36 insertions, 6 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index a9190212b..dd837ead1 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,12 @@
+Thu May 29 21:08:24 1997  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* do_as_req.c (process_as_req), do_tgs_req (process_tgs_req): Use
+		limit_string() to make sure the length of cname and sname
+		are reasonable.
+
+	* kdc_util.c (limit_string): New function which limits the strings
+		that will end up in log files to "reasonable" lengths.
+
 Tue Feb 18 09:56:16 1997  Ezra Peisach  <epeisach@mit.edu>
 
 	* kerberos_v4.c: Remove include of krb4-proto.h
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 504f0077a..5d87865b2 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -99,6 +99,7 @@ krb5_data **response;			/* filled in with a response packet */
 	status = "UNPARSING_CLIENT";
 	goto errout;
     }
+    limit_string(cname);
     if (!request->server) {
 	status = "NULL_SERVER";
 	errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
@@ -108,6 +109,7 @@ krb5_data **response;			/* filled in with a response packet */
 	status = "UNPARSING_SERVER";
 	goto errout;
     }
+    limit_string(sname);
     
     c_nprincs = 1;
     if ((errcode = krb5_db_get_principal(kdc_context, request->client,
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index f2d7d93f1..a4c550242 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -111,6 +111,7 @@ krb5_data **response;			/* filled in with a response packet */
 	status = "UNPARSING SERVER";
 	goto cleanup;
     }
+    limit_string(sname);
 
    /* errcode = kdc_process_tgs_req(request, from, pkt, &req_authdat); */
     errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket, &subkey);
@@ -123,7 +124,8 @@ krb5_data **response;			/* filled in with a response packet */
 	errcode = errcode2;
 	goto cleanup;
     }
-
+    limit_string(cname);
+    
     if (errcode) {
 	status = "PROCESS_TGS";
 	goto cleanup;
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 60670ff8e..9211b186f 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -912,7 +912,7 @@ krb5_data *data;
 {
     unsigned char *estream;	/* end of stream */
     int classes;		/* # classes seen so far this level */
-    int levels = 0;		/* levels seen so far */
+    unsigned int levels = 0;		/* levels seen so far */
     int lastlevel = 1000;       /* last level seen */
     int length;			/* various lengths */
     int tag;			/* tag number */
@@ -1375,8 +1375,23 @@ get_salt_from_key(context, client, client_key, salt)
     return 0;
 }
 
+/*
+ * Limit strings to a "reasonable" length to prevent crowding out of
+ * other useful information in the log entry
+ */
+#define NAME_LENGTH_LIMIT 128
 
-    
-   
-    
-    
+void limit_string(char *name)
+{
+	int	i;
+
+	if (strlen(name) < NAME_LENGTH_LIMIT)
+		return;
+
+	i = NAME_LENGTH_LIMIT-4;
+	name[i++] = '.';
+	name[i++] = '.';
+	name[i++] = '.';
+	name[i] = '\0';
+	return;
+}
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index b869f6f8a..27d62d43b 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -93,6 +93,8 @@ krb5_error_code
 get_salt_from_key PROTOTYPE((krb5_context, krb5_principal,
 			     krb5_key_data *, krb5_data *));
 
+void limit_string PROTOTYPE((char *name));
+
 /* do_as_req.c */
 krb5_error_code process_as_req PROTOTYPE((krb5_kdc_req *,
 					  const krb5_fulladdr *,