From: Tom Yu Date: Thu, 10 Apr 1997 04:09:08 +0000 (+0000) Subject: * realmofhost.c (krb_realmofhost): Add bounds checking to various X-Git-Tag: krb5-1.1-beta1~1154 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9aa7e45ddca496e51b60d436eea5e0628838e81a;p=krb5.git * realmofhost.c (krb_realmofhost): Add bounds checking to various things. * g_krbhst.c (krb_get_krbhst): Fix to bound fscanf and sscanf. * g_krbrlm.c (krb_get_lrealm): Fix to bound fscanf. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10066 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index d00a26da8..a8911e511 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,12 @@
+Wed Apr 9 23:15:39 1997 Tom Yu
+
+ * realmofhost.c (krb_realmofhost): Add bounds checking to various
+ things.
+
+ * g_krbhst.c (krb_get_krbhst): Fix to bound fscanf and sscanf.
+
+ * g_krbrlm.c (krb_get_lrealm): Fix to bound fscanf.
+
 Sat Feb 22 19:02:08 1997 Richard Basch
 * Makefile.in: Use some of the new library list build rules in
diff --git a/src/lib/krb4/g_krbhst.c b/src/lib/krb4/g_krbhst.c
index c95abdb20..529ac0769 100644
--- a/src/lib/krb4/g_krbhst.c
+++ b/src/lib/krb4/g_krbhst.c
@@ -75,7 +75,7 @@ krb_get_krbhst(h,r,n)
 cnffile = krb__get_cnffile();
 if (!cnffile)
 return get_krbhst_default(h, r, n);
- if (fscanf(cnffile,"%s",tr) == EOF)
+ if (fscanf(cnffile,"%39s",tr) == EOF) /* XXX assumes REALM_SZ == 40 */
 return get_krbhst_default(h, r, n);
 /* run through the file, looking for the nth server for this realm */
 for (i = 1; i <= n;) {
@@ -83,7 +83,7 @@ krb_get_krbhst(h,r,n)
 (void) fclose(cnffile);
 return get_krbhst_default(h, r, n);
 }
- if (sscanf(linebuf, "%s %s", tr, h) != 2)
+ if (sscanf(linebuf, "%39s %1023s", tr, h) != 2) /* REALM_SZ == 40 */
 continue;
 if (!strcmp(tr,r))
 i++;
diff --git a/src/lib/krb4/g_krbrlm.c b/src/lib/krb4/g_krbrlm.c
index c6f934585..983150ce4 100644
--- a/src/lib/krb4/g_krbrlm.c
+++ b/src/lib/krb4/g_krbrlm.c
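Review bot: In the first hunk of g_krbhst.c the width in `fscanf(cnffile,"%39s",tr)` is a hand-written copy of REALM_SZ - 1, and only the XXX comment ties the two together; the same pattern recurs in the second hunk of this file (`%39s %1023s`), in krb_get_lrealm (`%39s`) and in krb_realmofhost (`%1023s %40s`). If REALM_SZ is ever lowered, the bound silently stops protecting the buffer. A build-time guard near the includes would turn the comment into a check: `#if REALM_SZ != 40`, `#error "scanf field widths assume REALM_SZ == 40"`, `#endif`. The declaration of tr is outside the hunk, so its size should be confirmed against the 39-character width.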
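Review bot: In the second hunk of g_krbhst.c the `%1023s` width in `sscanf(linebuf, "%39s %1023s", tr, h)` limits the write into h, but h is the caller's buffer and krb_get_krbhst takes no length for it, so the bound holds only if every caller supplies at least 1024 bytes. The trailing comment records the realm width only. I would state the requirement at the call, `/* XXX h must point to at least 1024 bytes; callers are not checked here */`, and check the callers' buffer sizes against it. Note also that a realm token longer than 39 characters is now split, and its tail appears to be stored in h as if it were the host name; rejecting such a line would avoid matching on a truncated realm. The loop body continues outside the hunk.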
@@ -51,7 +51,11 @@ krb_get_lrealm(r,n)
 return(KFAILURE);
 }
- if (fscanf(cnffile,"%s",r) != 1) {
+ /*
+ * XXX This assumes REALM_SZ == 40,
+ * and that r is 40 characters long.
+ */
+ if (fscanf(cnffile,"%39s",r) != 1) {
 (void) fclose(cnffile);
 return(KFAILURE);
 }
diff --git a/src/lib/krb4/realmofhost.c b/src/lib/krb4/realmofhost.c
index 73af92931..b15ce9414 100644
--- a/src/lib/krb4/realmofhost.c
+++ b/src/lib/krb4/realmofhost.c
@@ -44,12 +44,16 @@ static char ret_realm[REALM_SZ+1];
 KRB5_DLLIMP char FAR * KRB5_CALLCONV
 krb_realmofhost(host)
-char FAR *host;
+ char FAR *host;
 {
 char *domain;
 FILE *trans_file;
 FILE *krb__get_realmsfile();
- char trans_host[MAXHOSTNAMELEN+1];
+ /*
+ * This used to be MAXHOSTNAMELEN, but we don't know how big
+ * that will necessarily be on all systems, so assume 1024.
+ */
+ char trans_host[1024];
 char trans_realm[REALM_SZ+1];
 int retval;
 struct hostent *h;
@@ -112,24 +116,28 @@ char FAR *host;
 /* loop while not exact match, and more entries to read */
 while (1) {
- if ((retval = fscanf(trans_file, "%s %s",
+ /* XXX REALM_SZ == 40 */
+ if ((retval = fscanf(trans_file, "%1023s %40s",
 trans_host, trans_realm)) != 2) {
 if (retval == EOF)
 break;
 continue; /* ignore broken lines */
 }
- trans_host[MAXHOSTNAMELEN] = '\0';
+ trans_host[(MAXHOSTNAMELEN <= 1023) ? MAXHOSTNAMELEN : 1023]
+ = '\0';
 trans_realm[REALM_SZ] = '\0';
 if (trans_host[0] == '.') {
 /* want domain match only */
- if (domain && !strcasecmp (trans_host, domain)) {
+ if (domain && (strlen(trans_host) == strlen(domain))
+ && !strcasecmp (trans_host, domain)) {
 /* got domain match, save for later */
 (void) strcpy (ret_realm, trans_realm);
 continue;
 }
 } else {
 /* want exact match of hostname */
- if (!strcasecmp (trans_host, lhost)) {
+ if ((strlen(lhost) == strlen(trans_host)) &&
+ !strcasecmp (trans_host, lhost)) {
 (void) strcpy (ret_realm, trans_realm);
 break;
 }
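Review bot: In krb_get_lrealm, `fscanf(cnffile,"%39s",r)` still returns 1 when the realm name in the file is longer than 39 characters, so the function carries on with a silently truncated realm instead of failing. A truncated name is a different realm name, so returning KFAILURE when the token did not fit seems the safer behaviour. One way is to look at the character that follows the token, as sketched below. The sketch needs an `int c` local and assumes the rest of the function, which is outside the hunk, does not need that character.

```c
    if (fscanf(cnffile,"%39s",r) != 1) {
        /* … unchanged: fclose and return KFAILURE … */
    }
    /* A non-blank character here means the realm did not fit in 39 characters. */
    c = getc(cnffile);
    if (c != EOF && c != ' ' && c != '\t' && c != '\r' && c != '\n') {
        (void) fclose(cnffile);
        return(KFAILURE);
    }
```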
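Review bot: The literal 1024 in `char trans_host[1024];` is repeated as 1023 in the fscanf width and in the terminator index further down in krb_realmofhost, and nothing links the three values. Changing one of them without the others would reopen the overflow this commit closes. I would put the dependency on the declaration itself: `char trans_host[1024]; /* keep in sync with the %1023s width and the 1023 index below */`. The function body continues beyond this hunk.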
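Review bot: The bounded `fscanf(trans_file, "%1023s %40s", ...)` in the loop truncates an over-long token and leaves its tail in the stream, so the tail is read as the next field and the host/realm pairing of the following entries can shift. `continue; /* ignore broken lines */` does not resynchronise, because this fscanf reads whitespace-separated tokens rather than lines. A shifted pairing means a host mapped to the wrong realm, so I would at least record it: `/* XXX over-long tokens are truncated; the remainder is parsed as the next field */`. Reading each line with fgets and parsing it with sscanf, as krb_get_krbhst does, would confine a malformed entry to its own line. The added strlen() comparisons look redundant, since strcasecmp() returning 0 already implies equal length; a short comment on why they are there would help.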