projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: da16bd2) | patch
buffer overflow in krb5_kt_get_name
authorEzra Peisach <epeisach@mit.edu>
Thu, 1 Feb 2007 19:17:31 +0000 (19:17 +0000)
committerEzra Peisach <epeisach@mit.edu>
Thu, 1 Feb 2007 19:17:31 +0000 (19:17 +0000)
commit605c7645d316bb591aaad9a1911d0c3c68032272
tree35669c01a7f95b3823bb77de0b695e43f7e9a417tree | snapshot
parentda16bd216dc4a780aebbcdd640c4c92bb33a825bcommit | diff
buffer overflow in krb5_kt_get_name

krb5_kt_get_name() allows the called to specify the size of the buffer to copy
the name into. The size must be big enough for the tailing nul character.

If one specified a buffer length that is precisely the strlen w/o allowing for
the nul - the functions would copy one past the end of the buffer.

No code in our tree would be subject this problem - as buffers in use are 1024
or BUFSIZ....

The logic failure was:

strlen(p+1) vs. strlen(p)+1

The code is essentially duplicated in the three changed files.

Ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19137 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/krb5/keytab/kt_file.c diff | blob | history
src/lib/krb5/keytab/kt_memory.c diff | blob | history
src/lib/krb5/keytab/kt_srvtab.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.