MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog

Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog.

	* src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf
	if available.

Everything else: use precision fields on "%s" specifiers to truncate
logged strings, in case someone doesn't have vsnprintf.

ticket: new
target_version: 1.6.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19395 dc483132-0cff-0310-8789-dd5450dbe970

9 files changed, 229 insertions, 175 deletions

diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
index 978ca3c33..cd1f0d2f1 100644
--- a/src/kadmin/server/kadm_rpc_svc.c
+++ b/src/kadmin/server/kadm_rpc_svc.c
@@ -250,6 +250,8 @@ check_rpcsec_auth(struct svc_req *rqstp)
      krb5_data *c1, *c2, *realm;
      gss_buffer_desc gss_str;
      kadm5_server_handle_t handle;
+     size_t slen;
+     char *sdots;
 
      success = 0;
      handle = (kadm5_server_handle_t)global_server_handle;
@@ -274,6 +276,8 @@ check_rpcsec_auth(struct svc_req *rqstp)
      if (ret == 0)
 	  goto fail_name;
 
+     slen = gss_str.length;
+     trunc_name(&slen, &sdots);
      /*
       * Since we accept with GSS_C_NO_NAME, the client can authenticate
       * against the entire kdb.  Therefore, ensure that the service
@@ -296,8 +300,8 @@ check_rpcsec_auth(struct svc_req *rqstp)
 
 fail_princ:
      if (!success) {
-	 krb5_klog_syslog(LOG_ERR, "bad service principal %.*s",
-			  gss_str.length, gss_str.value);
+	 krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s",
+			  slen, gss_str.value, sdots);
      }
      gss_release_buffer(&min_stat, &gss_str);
      krb5_free_principal(kctx, princ);
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index fa4ca914c..ed5110048 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -171,3 +171,12 @@ check_min_life(void *server_handle, krb5_principal principal,
 
     return kadm5_free_principal_ent(handle->lhandle, &princ);
 }
+
+#define MAXPRINCLEN 125
+
+void
+trunc_name(size_t *len, char **dots)
+{
+    *dots = *len > MAXPRINCLEN ? "..." : "";
+    *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len;
+}
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index b519ba079..a020874fd 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -45,3 +45,5 @@ krb5_error_code process_chpw_request(krb5_context context,
 #ifdef SVC_GETARGS
 void  kadm_1(struct svc_req *, SVCXPRT *);
 #endif
+
+void trunc_name(size_t *len, char **dots);
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index afae95a12..a3ce42189 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -992,6 +992,8 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
      rpcproc_t proc;
      int i;
      const char *procname;
+     size_t clen, slen;
+     char *cdots, *sdots;
 
      client.length = 0;
      client.value = NULL;
@@ -1000,10 +1002,20 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
 
      (void) gss_display_name(&minor, client_name, &client, &gss_type);
      (void) gss_display_name(&minor, server_name, &server, &gss_type);
-     if (client.value == NULL)
+     if (client.value == NULL) {
 	 client.value = "(null)";
-     if (server.value == NULL)
+	 clen = sizeof("(null)") -1;
+     } else {
+	 clen = client.length;
+     }
+     trunc_name(&clen, &cdots);
+     if (server.value == NULL) {
 	 server.value = "(null)";
+	 slen = sizeof("(null)") - 1;
+     } else {
+	 slen = server.length;
+     }
+     trunc_name(&slen, &sdots);
      a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
 
      proc = msg->rm_call.cb_proc;
@@ -1016,14 +1028,14 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
      }
      if (procname != NULL)
 	  krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
-			   "claimed client = %s, server = %s, addr = %s",
-			   procname, client.value,
-			   server.value, a);
+			   "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+			   procname, clen, client.value, cdots,
+			   slen, server.value, sdots, a);
      else
 	  krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
-			   "claimed client = %s, server = %s, addr = %s",
-			   proc, client.value,
-			   server.value, a);
+			   "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+			   proc, clen, client.value, cdots,
+			   slen, server.value, sdots, a);
 
      (void) gss_release_buffer(&minor, &client);
      (void) gss_release_buffer(&minor, &server);
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index b30c2d536..e974beb7b 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -40,6 +40,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     int numresult;
     char strresult[1024];
     char *clientstr;
+    size_t clen;
+    char *cdots;
 
     ret = 0;
     rep->length = 0;
@@ -258,9 +260,12 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     free(ptr);
     clear.length = 0;
 
-    krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s",
+    clen = strlen(clientstr);
+    trunc_name(&clen, &cdots);
+    krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
 		     inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr),
-		     clientstr, ret ? krb5_get_error_message (context, ret) : "success");
+		     clen, clientstr, cdots,
+		     ret ? krb5_get_error_message (context, ret) : "success");
     krb5_free_unparsed_name(context, clientstr);
 
     if (ret) {
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index ee5d653cd..cf823984f 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -14,6 +14,7 @@
 #include <arpa/inet.h>  /* inet_ntoa */
 #include <adm_proto.h>  /* krb5_klog_syslog */
 #include "misc.h"
+#include <string.h>
 
 #define LOG_UNAUTH  "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
 #define	LOG_DONE    "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
@@ -237,6 +238,61 @@ gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
      return 0;
 }
 
+static int
+log_unauth(
+    char *op,
+    char *target,
+    gss_buffer_t client,
+    gss_buffer_t server,
+    struct svc_req *rqstp)
+{
+    size_t tlen, clen, slen;
+    char *tdots, *cdots, *sdots;
+
+    tlen = strlen(target);
+    trunc_name(&tlen, &tdots);
+    clen = client->length;
+    trunc_name(&clen, &cdots);
+    slen = server->length;
+    trunc_name(&slen, &sdots);
+
+    return krb5_klog_syslog(LOG_NOTICE,
+			    "Unauthorized request: %s, %.*s%s, "
+			    "client=%.*s%s, service=%.*s%s, addr=%s",
+			    op, tlen, target, tdots,
+			    clen, client->value, cdots,
+			    slen, server->value, sdots,
+			    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+}
+
+static int
+log_done(
+    char *op,
+    char *target,
+    char *errmsg,
+    gss_buffer_t client,
+    gss_buffer_t server,
+    struct svc_req *rqstp)
+{
+    size_t tlen, clen, slen;
+    char *tdots, *cdots, *sdots;
+
+    tlen = strlen(target);
+    trunc_name(&tlen, &tdots);
+    clen = client->length;
+    trunc_name(&clen, &cdots);
+    slen = server->length;
+    trunc_name(&slen, &sdots);
+
+    return krb5_klog_syslog(LOG_NOTICE,
+			    "Request: %s, %.*s%s, %s, "
+			    "client=%.*s%s, service=%.*s%s, addr=%s",
+			    op, tlen, target, tdots, errmsg,
+			    clen, client->value, cdots,
+			    slen, server->value, sdots,
+			    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+}
+
 generic_ret *
 create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
 {
@@ -275,9 +331,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
 	|| kadm5int_acl_impose_restrictions(handle->context,
 				   &arg->rec, &arg->mask, rp)) {
 	 ret.code = KADM5_AUTH_ADD;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_create_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code = kadm5_create_principal((void *)handle,
 						&arg->rec, arg->mask,
@@ -287,10 +342,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-		prime_arg, errmsg,
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_create_principal", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
 	 /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
@@ -341,9 +394,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
 	|| kadm5int_acl_impose_restrictions(handle->context,
 				   &arg->rec, &arg->mask, rp)) {
 	 ret.code = KADM5_AUTH_ADD;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_create_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code = kadm5_create_principal_3((void *)handle,
 					     &arg->rec, arg->mask,
@@ -355,10 +407,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-		prime_arg, errmsg,
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_create_principal", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
 	 /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
@@ -406,9 +456,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
 	|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
 		      arg->princ, NULL)) {
 	 ret.code = KADM5_AUTH_DELETE;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_delete_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code = kadm5_delete_principal((void *)handle, arg->princ);
 	 if( ret.code == 0 )
@@ -416,10 +465,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal",
-			  prime_arg, errmsg,
-			  client_name.value, service_name.value,
-			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_delete_principal", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
 	 /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
@@ -469,9 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
 	|| kadm5int_acl_impose_restrictions(handle->context,
 				   &arg->rec, &arg->mask, rp)) {
 	 ret.code = KADM5_AUTH_MODIFY;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_modify_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
 						arg->mask);
@@ -480,10 +526,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
-			  prime_arg, errmsg,
-			  client_name.value, service_name.value,
-			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_modify_principal", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
 	 /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
@@ -546,9 +590,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
     } else
 	 ret.code = KADM5_AUTH_INSUFFICIENT;
     if (ret.code != KADM5_OK) {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_rename_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
 						arg->dest);
@@ -557,10 +600,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
-		prime_arg, errmsg,
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_rename_principal", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     free(prime_arg1);
@@ -614,9 +655,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 					       arg->princ,
 					       NULL))) {
 	 ret.code = KADM5_AUTH_GET;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth(funcname, prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 if (handle->api_version == KADM5_API_VERSION_1) {
 	      ret.code  = kadm5_get_principal_v1((void *)handle,
@@ -636,11 +676,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-		prime_arg,  
-		errmsg,
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done(funcname, prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
     }
     free_server_handle(handle);
@@ -688,9 +725,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
 					      NULL,
 					      NULL)) {
 	 ret.code = KADM5_AUTH_LIST;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_get_principals", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code  = kadm5_get_principals((void *)handle,
 					       arg->exp, &ret.princs,
@@ -700,11 +736,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
-		prime_arg,  
-		errmsg,
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_get_principals", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
 
     }
     free_server_handle(handle);
@@ -755,9 +788,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
 	 ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
 						arg->pass);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_chpass_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_CHANGEPW;
     }
 
@@ -767,10 +799,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-	       prime_arg, errmsg,
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done("kadm5_chpass_principal", prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
 
     free_server_handle(handle);
@@ -828,9 +858,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
 					     arg->ks_tuple,
 					     arg->pass);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_chpass_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_CHANGEPW;
     }
 
@@ -840,10 +869,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
 	else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done("kadm5_chpass_principal", prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
 
     free_server_handle(handle);
@@ -892,9 +919,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
 	 ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
 					     arg->keyblock);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_setv4key_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_SETKEY;
     }
 
@@ -904,10 +930,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
 	else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", 
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done("kadm5_setv4key_principal", prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
 
     free_server_handle(handle);
@@ -956,9 +980,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
 	 ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
 					   arg->keyblocks, arg->n_keys);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_setkey_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_SETKEY;
     }
 
@@ -968,10 +991,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
 	else
 	    errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done("kadm5_setkey_principal", prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
 
     free_server_handle(handle);
@@ -1023,9 +1044,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
 					     arg->ks_tuple,
 					     arg->keyblocks, arg->n_keys);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_setkey_principal", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_SETKEY;
     }
 
@@ -1035,10 +1055,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
 	else
 	    errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done("kadm5_setkey_principal", prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
 
     free_server_handle(handle);
@@ -1097,9 +1115,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 	 ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
 					    &k, &nkeys);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth(funcname, prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_CHANGEPW;
     }
 
@@ -1119,10 +1136,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 	else
 	    errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done(funcname, prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     free(prime_arg);
@@ -1185,9 +1200,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 					      arg->ks_tuple,
 					      &k, &nkeys);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth(funcname, prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_CHANGEPW;
     }
 
@@ -1207,10 +1221,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 	else
 	    errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-	       prime_arg, errmsg, 
-	       client_name.value, service_name.value,
-	       inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	log_done(funcname, prime_arg, errmsg,
+		 &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     free(prime_arg);
@@ -1253,10 +1265,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
 					      rqst2name(rqstp),
 					      ACL_ADD, NULL, NULL)) {
 	 ret.code = KADM5_AUTH_ADD;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-	 
+	 log_unauth("kadm5_create_policy", prime_arg,
+		    &client_name, &service_name, rqstp);
+
     } else {
 	 ret.code = kadm5_create_policy((void *)handle, &arg->rec,
 					     arg->mask);
@@ -1265,11 +1276,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
-		((prime_arg == NULL) ? "(null)" : prime_arg),
-		errmsg, 
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));	 
+	 log_done("kadm5_create_policy",
+		  ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+		  &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1310,9 +1319,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
 					      rqst2name(rqstp),
 					      ACL_DELETE, NULL, NULL)) {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_delete_policy", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_DELETE;
     } else {
 	 ret.code = kadm5_delete_policy((void *)handle, arg->name);
@@ -1321,11 +1329,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
-		((prime_arg == NULL) ? "(null)" : prime_arg),
-		errmsg, 
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));	 
+	 log_done("kadm5_delete_policy",
+		  ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+		  &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1366,9 +1372,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
 					      rqst2name(rqstp),
 					      ACL_MODIFY, NULL, NULL)) {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_modify_policy", prime_arg,
+		    &client_name, &service_name, rqstp);
 	 ret.code = KADM5_AUTH_MODIFY;
     } else {
 	 ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
@@ -1378,11 +1383,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
-		((prime_arg == NULL) ? "(null)" : prime_arg),	    
-		errmsg, 
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));	
+	 log_done("kadm5_modify_policy",
+		  ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+		  &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1464,15 +1467,12 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-		((prime_arg == NULL) ? "(null)" : prime_arg),
-		errmsg, 
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));	 
+	 log_done(funcname,
+		  ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+		  &client_name, &service_name, rqstp);
     } else {
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth(funcname, prime_arg,
+		    &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1517,9 +1517,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
 					      rqst2name(rqstp),
 					      ACL_LIST, NULL, NULL)) {
 	 ret.code = KADM5_AUTH_LIST;
-	 krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
-		prime_arg, client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_unauth("kadm5_get_policies", prime_arg,
+		    &client_name, &service_name, rqstp);
     } else {
 	 ret.code  = kadm5_get_policies((void *)handle,
 					       arg->exp, &ret.pols,
@@ -1529,11 +1528,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
 	 else
 	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-	 krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
-		prime_arg,  
-		errmsg, 
-		client_name.value, service_name.value,
-		inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+	 log_done("kadm5_get_policies", prime_arg, errmsg,
+		  &client_name, &service_name, rqstp);
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1573,11 +1569,8 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      else
 	 errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-     krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs",
-	    client_name.value, 
-	    errmsg, 
-	    client_name.value, service_name.value,
-	    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+     log_done("kadm5_get_privs", client_name.value, errmsg,
+	      &client_name, &service_name, rqstp);
 
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
@@ -1594,6 +1587,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      kadm5_server_handle_t	handle;
      OM_uint32			minor_stat;
      char                       *errmsg = 0;
+     size_t clen, slen;
+     char *cdots, *sdots;
 
      xdr_free(xdr_generic_ret, &ret);
 
@@ -1612,14 +1607,22 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 
      if (ret.code != 0)
 	 errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
-     krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
-	    (ret.api_version == KADM5_API_VERSION_1 ?
-	     "kadm5_init (V1)" : "kadm5_init"),
-	    client_name.value,
-	    (ret.code == 0) ? "success" : errmsg,
-	    client_name.value, service_name.value,
-	    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
-	    rqstp->rq_cred.oa_flavor);
+     else
+	 errmsg = "success";
+
+     clen = client_name.length;
+     trunc_name(&clen, &cdots);
+     slen = service_name.length;
+     trunc_name(&slen, &sdots);
+     krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+		      "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
+		      (ret.api_version == KADM5_API_VERSION_1 ?
+		       "kadm5_init (V1)" : "kadm5_init"),
+		      clen, client_name.value, cdots, errmsg,
+		      clen, client_name.value, cdots,
+		      slen, service_name.value, sdots,
+		      inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+		      rqstp->rq_cred.oa_flavor);
      gss_release_buffer(&minor_stat, &client_name);
      gss_release_buffer(&minor_stat, &service_name);
 	    
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index c7221247c..8e960cb04 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -491,28 +491,38 @@ tgt_again:
 	newtransited = 1;
     }
     if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) {
+	unsigned int tlen;
+	char *tdots;
+
 	errcode = krb5_check_transited_list (kdc_context,
 					     &enc_tkt_reply.transited.tr_contents,
 					     krb5_princ_realm (kdc_context, header_ticket->enc_part2->client),
 					     krb5_princ_realm (kdc_context, request->server));
+	tlen = enc_tkt_reply.transited.tr_contents.length;
+	tdots = tlen > 125 ? "..." : "";
+	tlen = tlen > 125 ? 125 : tlen;
+
 	if (errcode == 0) {
 	    setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED);
 	} else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
 	    krb5_klog_syslog (LOG_INFO,
-			      "bad realm transit path from '%s' to '%s' via '%.*s'",
+			      "bad realm transit path from '%s' to '%s' "
+			      "via '%.*s%s'",
 			      cname ? cname : "<unknown client>",
 			      sname ? sname : "<unknown server>",
-			      enc_tkt_reply.transited.tr_contents.length,
-			      enc_tkt_reply.transited.tr_contents.data);
+			      tlen,
+			      enc_tkt_reply.transited.tr_contents.data,
+			      tdots);
 	else {
 	    const char *emsg = krb5_get_error_message(kdc_context, errcode);
 	    krb5_klog_syslog (LOG_ERR,
-			      "unexpected error checking transit from '%s' to '%s' via '%.*s': %s",
+			      "unexpected error checking transit from "
+			      "'%s' to '%s' via '%.*s%s': %s",
 			      cname ? cname : "<unknown client>",
 			      sname ? sname : "<unknown server>",
-			      enc_tkt_reply.transited.tr_contents.length,
+			      tlen,
 			      enc_tkt_reply.transited.tr_contents.data,
-			      emsg);
+			      tdots, emsg);
 	    krb5_free_error_message(kdc_context, emsg);
 	}
     } else
@@ -542,6 +552,9 @@ tgt_again:
 	if (!krb5_principal_compare(kdc_context, request->server, client2)) {
 		if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp)))
 			tmp = 0;
+		if (tmp != NULL)
+		    limit_string(tmp);
+
 		krb5_klog_syslog(LOG_INFO,
 				 "TGS_REQ %s: 2ND_TKT_MISMATCH: "
 				 "authtime %d, %s for %s, 2nd tkt client %s",
@@ -816,6 +829,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
 		krb5_klog_syslog(LOG_INFO,
 		       "TGS_REQ: issuing alternate <un-unparseable> TGT");
 	    } else {
+		limit_string(sname);
 		krb5_klog_syslog(LOG_INFO,
 		       "TGS_REQ: issuing TGT %s", sname);
 		free(sname);
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 7325d4572..aeabc5c65 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -404,6 +404,7 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno)
 
 	krb5_db_free_principal(kdc_context, &server, nprincs);
 	if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) {
+	    limit_string(sname);
 	    krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'",
 			     sname);
 	    free(sname);
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index 212034bb9..e6fe44da6 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -41,7 +41,7 @@
 #endif	/* HAVE_SYSLOG_H */
 #include <stdarg.h>
 
-#define	KRB5_KLOG_MAX_ERRMSG_SIZE	1024
+#define	KRB5_KLOG_MAX_ERRMSG_SIZE	2048
 #ifndef	MAXHOSTNAMELEN
 #define	MAXHOSTNAMELEN	256
 #endif	/* MAXHOSTNAMELEN */
@@ -257,7 +257,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
 #endif	/* HAVE_SYSLOG */
 
     /* Now format the actual message */
-#if	HAVE_VSPRINTF
+#if	HAVE_VSNPRINTF
+    vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
+#elif	HAVE_VSPRINTF
     vsprintf(cp, actual_format, ap);
 #else	/* HAVE_VSPRINTF */
     sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1],
@@ -846,7 +848,9 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
     syslogp = &outbuf[strlen(outbuf)];
 
     /* Now format the actual message */
-#ifdef	HAVE_VSPRINTF
+#ifdef	HAVE_VSNPRINTF
+    vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
+#elif	HAVE_VSPRINTF
     vsprintf(syslogp, format, arglist);
 #else	/* HAVE_VSPRINTF */
     sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1],