summaryrefslogtreecommitdiffstats
path: root/utils/gssd
diff options
context:
space:
mode:
Diffstat (limited to 'utils/gssd')
-rw-r--r--utils/gssd/gssd_proc.c8
-rw-r--r--utils/gssd/svcgssd_proc.c3
2 files changed, 6 insertions, 5 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index bac0520..75a04f5 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -127,10 +127,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
goto fail;
close(fd);
- numfields = sscanf(buf,"RPC server: %s\n"
- "service: %s %s version %s\n"
- "address: %s\n"
- "protocol: %s\n",
+ numfields = sscanf(buf,"RPC server: %127s\n"
+ "service: %127s %15s version %15s\n"
+ "address: %127s\n"
+ "protocol: %15s\n",
dummy,
service, program, version,
address,
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index 14b7f17..b3a6ae8 100644
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -200,7 +200,8 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
maj_stat, min_stat, mech);
goto out;
}
- if (!(sname = calloc(name.length + 1, 1))) {
+ if (name.length >= 0xffff || /* be certain name.length+1 doesn't overflow */
+ !(sname = calloc(name.length + 1, 1))) {
printerr(0, "WARNING: get_ids: error allocating %d bytes "
"for sname\n", name.length + 1);
gss_release_buffer(&min_stat, &name);
generated by cgit (git 2.34.1) at 2025-09-19 01:09:40 +0000