| author | Greg Hudson <ghudson@mit.edu> | 2012-05-12 12:54:06 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-05-12 12:54:06 -0400 |
| commit | 74beb75bb07e3921d10c8eec05eacb1f393e5e44 (patch) | |
| tree | ee44004888aa87b398bc16d36b899d8c4535d5e3 /src | |
| parent | 39629e9df44ce8c4ad72fde951390acc6864407d (diff) | |
Null-terminate components of parsed principals
The rewritten krb5_parse_name didn't null-terminate components or
realms of principals, while the old one did. Fix the new one to do so
as well.
This means KRB5_PRINCIPAL_PARSE_IGNORE_REALM allocates one byte for
the realm instead of leaving it as empty_data(), so we need to free
the realm in build_in_tkt_name() before copying in the client realm.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/parse.c | 20 |
2 files changed, 10 insertions, 11 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 1ae8021a7..8af0f5c22 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -452,6 +452,7 @@ build_in_tkt_name(krb5_context context,
 &server);
 if (ret)
 return ret;
+ krb5_free_data_contents(context, &server->realm);
 ret = krb5int_copy_data_contents(context, &client->realm,
 &server->realm);
 if (ret) {
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index dd4f44d11..cf3cce9d0 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -96,19 +96,16 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
 }
 }
- /* Allocate space for each non-empty component and the realm. */
+ /* Allocate space for each component and the realm, with space for null
+ * terminators on each field. */
 for (i = 0; i < princ->length; i++) {
- if (princ->data[i].length > 0) {
- princ->data[i].data = k5alloc(princ->data[i].length, &ret);
- if (princ->data[i].data == NULL)
- goto cleanup;
- }
- }
- if (princ->realm.length > 0) {
- princ->realm.data = k5alloc(princ->realm.length, &ret);
- if (princ->realm.data == NULL)
+ princ->data[i].data = k5alloc(princ->data[i].length + 1, &ret);
+ if (princ->data[i].data == NULL)
 goto cleanup;
 }
+ princ->realm.data = k5alloc(princ->realm.length + 1, &ret);
+ if (princ->realm.data == NULL)
+ goto cleanup;
 *princ_out = princ;
 *has_realm_out = (cur_data == &princ->realm);
@@ -120,7 +117,8 @@ cleanup:
 /*
 * Parse name into princ, assuming that name is correctly formed and that all
- * principal fields are allocated to the correct length. If enterprise is
+ * principal fields are allocated to the correct length with zero-filled memory
+ * (so we get null-terminated fields without any extra work). If enterprise is
 * true, use enterprise principal parsing rules.
 */
 static void |
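Review bot: The realm that replaces the freed one in build_in_tkt_name is produced by `krb5int_copy_data_contents()`, whose body is not shown on this page; if it copies exactly `length` bytes, the server principal's realm ends up without the terminator that this commit restores for parsed principals. Should callers of build_in_tkt_name rely on that guarantee, the null-terminating variant keeps both paths consistent: `ret = krb5int_copy_data_contents_add0(context, &client->realm, &server->realm);`. The function starts and ends outside the hunk, so the later uses of `server` could not be checked here.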
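Review bot: With the `length > 0` guards removed in allocate_princ, `princ->realm.data` and every component pointer are now non-NULL even for empty fields, so any caller that assigns a new realm or component over a parsed principal leaks the old buffer unless it frees first. The commit handles that in build_in_tkt_name; other call sites that overwrite fields after parsing are not visible on this page and are worth auditing. Stating the contract at the allocation would help, for example `/* Every field is allocated, even when empty; callers replacing a field must free it first. The terminator is not counted in length. */`. allocate_princ begins and ends outside the hunk.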
