From: Ken Raeburn Date: Wed, 1 Sep 1999 21:50:32 +0000 (+0000) Subject: jaltman's principal-name check from 1.1 branch, indentation fixed X-Git-Tag: krb5-1.2-beta1~252 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6772cbcb5be8aa088e5bcfbe1db78edb83fd07d7;p=krb5.git jaltman's principal-name check from 1.1 branch, indentation fixed git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11776 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index c3a779a42..61e3fc8e3 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,7 @@ +1999-08-31 17:28 Jeffrey Altman + + * kerberos5.c: Ensure that only "host" service tickets are accepted. + Wed Feb 3 22:59:27 1999 Theodore Y. Ts'o * kerberos5.c: Increase size of str_data so that we can accept diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 73b2c8780..3fa9ca43b 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -377,7 +377,7 @@ kerberos5_is(ap, data, cnt) #ifdef ENCRYPTION Session_Key skey; #endif - char errbuf[128]; + char errbuf[320]; char *name; char *getenv(); krb5_data inbuf; @@ -423,6 +423,29 @@ kerberos5_is(ap, data, cnt) (void) strcat(errbuf, error_message(r)); goto errout; } + + /* + * 256 bytes should be much larger than any reasonable + * first component of a service name especially since + * the default is of length 4. + */ + if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) { + char princ[256]; + strncpy(princ, + krb5_princ_component(telnet_context, ticket->server,0)->data, + krb5_princ_component(telnet_context, ticket->server,0)->length); + princ[krb5_princ_component(telnet_context, + ticket->server,0)->length] = '\0'; + if (strcmp("host", princ)) { + (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"", + princ, "host"); + goto errout; + } + } else { + (void) strcpy(errbuf, "service name too long"); + goto errout; + } + r = krb5_auth_con_getauthenticator(telnet_context, auth_context, &authenticator); @@ -557,7 +580,7 @@ kerberos5_is(ap, data, cnt) errout: { - char eerrbuf[128+9]; + char eerrbuf[329]; strcpy(eerrbuf, "telnetd: "); strcat(eerrbuf, errbuf);