+1999-08-31 17:28 Jeffrey Altman <jaltman@columbia.edu>
+
+ * kerberos5.c: Ensure that only "host" service tickets are accepted.
+
Wed Feb 3 22:59:27 1999 Theodore Y. Ts'o <tytso@mit.edu>
* kerberos5.c: Increase size of str_data so that we can accept
#ifdef ENCRYPTION
Session_Key skey;
#endif
- char errbuf[128];
+ char errbuf[320];
char *name;
char *getenv();
krb5_data inbuf;
(void) strcat(errbuf, error_message(r));
goto errout;
}
+
+ /*
+ * 256 bytes should be much larger than any reasonable
+ * first component of a service name especially since
+ * the default is of length 4.
+ */
+ if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
+ char princ[256];
+ strncpy(princ,
+ krb5_princ_component(telnet_context, ticket->server,0)->data,
+ krb5_princ_component(telnet_context, ticket->server,0)->length);
+ princ[krb5_princ_component(telnet_context,
+ ticket->server,0)->length] = '\0';
+ if (strcmp("host", princ)) {
+ (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
+ princ, "host");
+ goto errout;
+ }
+ } else {
+ (void) strcpy(errbuf, "service name too long");
+ goto errout;
+ }
+
r = krb5_auth_con_getauthenticator(telnet_context,
auth_context,
&authenticator);
errout:
{
- char eerrbuf[128+9];
+ char eerrbuf[329];
strcpy(eerrbuf, "telnetd: ");
strcat(eerrbuf, errbuf);