From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 1 Apr 2003 22:37:36 +0000 (+0000)
Subject: Red Hat's krb5_princ_size fixes
X-Git-Tag: krb5-1.4-beta1~1030
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=3c069b7b1a74fd776431a4c792a4bc5163b03328;p=krb5.git

Red Hat's krb5_princ_size fixes

ticket: 1397
status: open
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 899927446..11380530f 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* kerberos5.c (kerberos5_is): Check principal name length before
+	examining components.
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.orig: Deleted.
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 3a1c8f24e..eb150a7c0 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -446,6 +446,10 @@ kerberos5_is(ap, data, cnt)
 		 * first component of a service name especially since
 		 * the default is of length 4.
 		 */
+		if (krb5_princ_size(telnet_context,ticket->server) < 1) {
+		    (void) strcpy(errbuf, "malformed service name");
+		    goto errout;
+		}
 		if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
 		    char princ[256];
 		    strncpy(princ,	
diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog
index 44415a033..17a1dffe8 100644
--- a/src/clients/ksu/ChangeLog
+++ b/src/clients/ksu/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* heuristic.c (get_closest_principal): Don't try to examine
+	principal name components after the last.
+	* krb_auth_su.c (get_best_principal): Check principal name length
+	before examining components.
+
 2002-12-23  Ezra Peisach  <epeisach@bu.edu>
 
 	* authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index c79f94369..85b94b5e2 100644
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -364,7 +364,7 @@ krb5_error_code get_closest_principal(context, plist, client, found)
 		krb5_data *p2 =
 		    krb5_princ_component(context, temp_client, j);
 		
-		if ((p1->length != p2->length) ||
+		if (!p1 || !p2 || (p1->length != p2->length) ||
 		    memcmp(p1->data,p2->data,p1->length)){
 		    got_one = FALSE;
 		    break;
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c
index 6e76149c1..8e1834240 100644
--- a/src/clients/ksu/krb_auth_su.c
+++ b/src/clients/ksu/krb_auth_su.c
@@ -547,7 +547,9 @@ krb5_error_code get_best_principal(context, plist, client)
 			 krb5_princ_realm(context, temp_client)->length))){
 	    
 	    
-	    if(nelem){ 
+	    if (nelem &&
+		krb5_princ_size(context, *client) > 0 &&
+		krb5_princ_size(context, temp_client) > 0) {
 		krb5_data *p1 =
 		    krb5_princ_component(context, *client, 0);
 		krb5_data *p2 = 
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 29bec03c5..11bd82825 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* do_tgs_req.c (process_tgs_req): Check that principal name
+	component 1 is present before examining it.
+	* kdc_util.c (krb5_is_tgs_principal, validate_tgs_request): Check
+	principal name length before examining components.
+
 2003-03-28  Tom Yu  <tlyu@mit.edu>
 
 	* kdc_preauth.c (verify_enc_timestamp): Save decryption error, in
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 0c6116e21..c8b679bc2 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -174,7 +174,7 @@ tgt_again:
 		krb5_data *tgs_1 =
 		    krb5_princ_component(kdc_context, tgs_server, 1);
 
-		if (server_1->length != tgs_1->length ||
+		if (!tgs_1 || server_1->length != tgs_1->length ||
 		    memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
 		    krb5_db_free_principal(kdc_context, &server, nprincs);
 		    find_alternate_tgs(request, &server, &more, &nprincs);
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 736c51d12..9e9aa3f98 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -150,7 +150,8 @@ realm_compare(krb5_principal princ1, krb5_principal princ2)
  */
 krb5_boolean krb5_is_tgs_principal(krb5_principal principal)
 {
-	if ((krb5_princ_component(kdc_context, principal, 0)->length ==
+	if ((krb5_princ_size(kdc_context, principal) > 0) &&
+	    (krb5_princ_component(kdc_context, principal, 0)->length ==
 	     KRB5_TGS_NAME_SIZE) &&
 	    (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
 		     KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
@@ -1162,7 +1163,8 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
 	    return KRB_AP_ERR_NOT_US;
 	}
 	/* ...and that the second component matches the server realm... */
-	if ((krb5_princ_component(kdc_context, ticket->server, 1)->length !=
+	if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
+	    (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
 	     krb5_princ_realm(kdc_context, request->server)->length) ||
 	    memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
 		   krb5_princ_realm(kdc_context, request->server)->data,
diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog
index ba03cc0da..80e6c891f 100644
--- a/src/krb524/ChangeLog
+++ b/src/krb524/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* krb524d.c (do_connection): Use krb5_princ_size rather than
+	direct structure field access.
+
 2003-03-16  Sam Hartman  <hartmans@mit.edu>
 
 	* krb524d.c (handle_classic_v4): Do not support 3des enctypes as
diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c
index 0dce9cbc9..76025067e 100644
--- a/src/krb524/krb524d.c
+++ b/src/krb524/krb524d.c
@@ -350,7 +350,7 @@ krb5_error_code do_connection(s, context)
      if (debug)
 	  printf("V5 ticket decoded\n");
      
-     if( v5tkt->server->length >= 1
+     if( krb5_princ_size(context, v5tkt->server) >= 1
 	 &&krb5_princ_component(context, v5tkt->server, 0)->length == 3
 	 &&strncmp(krb5_princ_component(context, v5tkt->server, 0)->data,
 		   "afs", 3) == 0) {
diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog
index ef0e702f1..864a412e7 100644
--- a/src/lib/krb5/keytab/ChangeLog
+++ b/src/lib/krb5/keytab/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* kt_file.c (krb5_ktfileint_internal_read_entry): Use
+	krb5_princ_size instead of direct field access.
+	(krb5_ktfileint_write_entry, krb5_ktfileint_size_entry):
+	Likewise.
+
 2003-02-08  Tom Yu  <tlyu@mit.edu>
 
 	* kt_file.c (krb5_ktfile_get_entry): Fix comment; not going to
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 9e4f15aa7..9b7b9ae8f 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1324,7 +1324,7 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
     return 0;
 fail:
     
-    for (i = 0; i < ret_entry->principal->length; i++) {
+    for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) {
 	    princ = krb5_princ_component(context, ret_entry->principal, i);
 	    if (princ->data)
 		    free(princ->data);
@@ -1375,9 +1375,9 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     }
 
     if (KTVERSION(id) == KRB5_KT_VNO_1) {
-	    count = (krb5_int16) entry->principal->length + 1;
+	    count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
     } else {
-	    count = htons((u_short) entry->principal->length);
+	    count = htons((u_short) krb5_princ_size(context, entry->principal));
     }
     
     if (!xfwrite(&count, sizeof(count), 1, KTFILEP(id))) {
@@ -1396,7 +1396,7 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
 	    goto abend;
     }
 
-    count = (krb5_int16) entry->principal->length;
+    count = (krb5_int16) krb5_princ_size(context, entry->principal);
     for (i = 0; i < count; i++) {
 	princ = krb5_princ_component(context, entry->principal, i);
 	size = princ->length;
@@ -1494,7 +1494,7 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
     krb5_int32 total_size, i;
     krb5_error_code retval = 0;
 
-    count = (krb5_int16) entry->principal->length;
+    count = (krb5_int16) krb5_princ_size(context, entry->principal);
         
     total_size = sizeof(count);
     total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16));
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index f72e6caeb..59ab6802d 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,14 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Check principal name
+	length before examining components.
+
+	* parse.c (krb5_parse_name): Double-check principal name length
+	before filling in components.
+
+	* srv_rcache.c (krb5_get_server_rcache): Check for null pointer
+	supplied in place of name.
+
 2003-04-01  Sam Hartman  <hartmans@mit.edu>
 
 	* rd_req.c (krb5_rd_req): If AUTH_CONTEXT_DO_TIME is cleared,
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index fdf00e6b1..b5c99428a 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -341,7 +341,9 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds
 	for (next_server = top_server; *next_server; next_server++) {
             krb5_data *realm_1 = krb5_princ_component(context, next_server[0], 1);
             krb5_data *realm_2 = krb5_princ_component(context, tgtr->server, 1);
-            if (realm_1->length == realm_2->length &&
+	    if (realm_1 != NULL &&
+		realm_2 != NULL &&
+                realm_1->length == realm_2->length &&
                 !memcmp(realm_1->data, realm_2->data, realm_1->length)) {
 		break;
             }
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index abbcfbe2d..3debb6acf 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -170,11 +170,13 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
 				cp++;
 				size++;
 			} else if (c == COMPONENT_SEP) {
-				krb5_princ_component(context, principal, i)->length = size;
+				if (krb5_princ_size(context, principal) > i)
+					krb5_princ_component(context, principal, i)->length = size;
 				size = 0;
 				i++;
 			} else if (c == REALM_SEP) {
-				krb5_princ_component(context, principal, i)->length = size;
+				if (krb5_princ_size(context, principal) > i)
+					krb5_princ_component(context, principal, i)->length = size;
 				size = 0;
 				parsed_realm = cp+1;
 			} else
@@ -183,7 +185,8 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
 		if (parsed_realm)
 			krb5_princ_realm(context, principal)->length = size;
 		else
-			krb5_princ_component(context, principal, i)->length = size;
+			if (krb5_princ_size(context, principal) > i)
+				krb5_princ_component(context, principal, i)->length = size;
 		if (i + 1 != components) {
 #if !defined(_WIN32) && !defined(macintosh)
 			fprintf(stderr,
diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
index aa41bc52b..e2e5ed690 100644
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -48,6 +48,9 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache
     unsigned long uid = geteuid();
 #endif
     
+    if (piece == NULL)
+	return ENOMEM;
+    
     rcache = (krb5_rcache) malloc(sizeof(*rcache));
     if (!rcache)
 	return ENOMEM;