projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fd6cef3) | patch
MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
authorTom Yu <tlyu@mit.edu>
Tue, 3 Apr 2007 19:23:52 +0000 (19:23 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 3 Apr 2007 19:23:52 +0000 (19:23 +0000)
commitf7f39b9dda8998390da542fb9bbc2be563c8a557
treeddc2bfdf6bb73d2b961a88f61f57d66449c41c55tree | snapshot
parentfd6cef3500bd22b289be8c9c3561a11b87843f86commit | diff
MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog

Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog.

* src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf
if available.

Everything else: use precision fields on "%s" specifiers to truncate
logged strings, in case someone doesn't have vsnprintf.

ticket: new
target_version: 1.6.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19395 dc483132-0cff-0310-8789-dd5450dbe970
src/kadmin/server/kadm_rpc_svc.c diff | blob | history
src/kadmin/server/misc.c diff | blob | history
src/kadmin/server/misc.h diff | blob | history
src/kadmin/server/ovsec_kadmd.c diff | blob | history
src/kadmin/server/schpw.c diff | blob | history
src/kadmin/server/server_stubs.c diff | blob | history
src/kdc/do_tgs_req.c diff | blob | history
src/kdc/kdc_util.c diff | blob | history
src/lib/kadm5/logger.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.