jaltman's principal-name check from 1.1 branch, indentation fixed

author Ken Raeburn <raeburn@mit.edu>

Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)

committer Ken Raeburn <raeburn@mit.edu>

Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)
author Ken Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)
committer Ken Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog

index c3a779a42fae3b861f4bb04c313cbf0ad7102c56..61e3fc8e317f12268b9db5c500617cd9128c8090 100644 (file)
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,7 @@
+1999-08-31 17:28   Jeffrey Altman <jaltman@columbia.edu>
+
+        * kerberos5.c: Ensure that only "host" service tickets are accepted.
+
  Wed Feb  3 22:59:27 1999  Theodore Y. Ts'o  <tytso@mit.edu>
  
         * kerberos5.c: Increase size of str_data so that we can accept
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c

index 73b2c8780f511e0acb9cd2736791aab9d63ec8fc..3fa9ca43b4a4b97d19a9ae323dcd826a49753401 100644 (file)
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -377,7 +377,7 @@ kerberos5_is(ap, data, cnt)
  #ifdef ENCRYPTION
         Session_Key skey;
  #endif
-       char errbuf[128];
+       char errbuf[320];
         char *name;
         char *getenv();
         krb5_data inbuf;
@@ -423,6 +423,29 @@ kerberos5_is(ap, data, cnt)
                         (void) strcat(errbuf, error_message(r));
                         goto errout;
                 }
+
+               /*
+                * 256 bytes should be much larger than any reasonable
+                * first component of a service name especially since
+                * the default is of length 4.
+                */
+               if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
+                   char princ[256];
+                   strncpy(princ,      
+                           krb5_princ_component(telnet_context, ticket->server,0)->data,
+                           krb5_princ_component(telnet_context, ticket->server,0)->length);
+                   princ[krb5_princ_component(telnet_context, 
+                                              ticket->server,0)->length] = '\0';
+                   if (strcmp("host", princ)) {
+                       (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
+                                      princ, "host");
+                       goto errout;
+                   }
+               } else {
+                   (void) strcpy(errbuf, "service name too long");
+                   goto errout;
+               }
+
                 r = krb5_auth_con_getauthenticator(telnet_context,
                                                    auth_context,
                                                    &authenticator);
@@ -557,7 +580,7 @@ kerberos5_is(ap, data, cnt)
         
      errout:
         {
-           char eerrbuf[128+9];
+           char eerrbuf[329];
  
             strcpy(eerrbuf, "telnetd: ");
             strcat(eerrbuf, errbuf);
author	Ken Raeburn <raeburn@mit.edu>
	Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)
committer	Ken Raeburn <raeburn@mit.edu>
	Wed, 1 Sep 1999 21:50:32 +0000 (21:50 +0000)
src/appl/telnet/libtelnet/ChangeLog		patch \| blob \| history
src/appl/telnet/libtelnet/kerberos5.c		patch \| blob \| history