From: Tom Yu <tlyu@mit.edu>
Date: Tue, 11 Feb 2003 03:08:21 +0000 (+0000)
Subject: 	* password_to_key.c (krb5_passwd_to_key): Replace snprintf() call
X-Git-Tag: krb5-1.3-alpha1~102
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=fa4ab3193c1cb0e2bd79593ffc5ec6c28dacaa2c;p=krb5.git

	* password_to_key.c (krb5_passwd_to_key): Replace snprintf() call
	with explicit length checking.

	* memcache.c (krb4int_save_credentials_addr): Renamed from
	krb_save_credentials().
	(krb_save_credentials): Implement in terms of
	krb4int_save_credentials_addr().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15175 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index e71a890ae..89609dbba 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,5 +1,13 @@
 2003-02-10  Tom Yu  <tlyu@mit.edu>
 
+	* password_to_key.c (krb5_passwd_to_key): Replace snprintf() call
+	with explicit length checking.
+
+	* memcache.c (krb4int_save_credentials_addr): Renamed from
+	krb_save_credentials().
+	(krb_save_credentials): Implement in terms of
+	krb4int_save_credentials_addr().
+
 	* password_to_key.c (mit_passwd_to_key, krb5_passwd_to_key) 
 	(afs_passwd_to_key): Fix to have KRB5_CALLCONV.
 
diff --git a/src/lib/krb4/memcache.c b/src/lib/krb4/memcache.c
index 77fe0ed50..65fbce451 100644
--- a/src/lib/krb4/memcache.c
+++ b/src/lib/krb4/memcache.c
@@ -13,6 +13,7 @@
  */
 
 #include "krb.h"
+#include "krb4int.h"
 
 #ifdef _WIN32
 #include <errno.h>
@@ -457,9 +458,9 @@ krb_get_cred (service, instance, realm, c)
  * Returns KSUCCESS if all goes well, otherwise KFAILURE.
  */
 
-int KRB5_CALLCONV
-krb_save_credentials(sname, sinst, srealm, session, 
-			lifetime, kvno, ticket, issue_date)
+int
+krb4int_save_credentials_addr(sname, sinst, srealm, session, 
+			      lifetime, kvno, ticket, issue_date, laddr)
 
 	char* sname;		/* Service name */
 	char* sinst;		/* Instance */	
@@ -469,6 +470,7 @@ krb_save_credentials(sname, sinst, srealm, session,
 	int kvno;		/* Key version number */
     	KTEXT ticket; 		/* The ticket itself */
 	long issue_date;	/* The issue time */
+	KRB_UINT32 laddr;
 {
 	CREDENTIALS	cr;
 
@@ -488,6 +490,23 @@ krb_save_credentials(sname, sinst, srealm, session,
 	return KSUCCESS;
 }
 
+int KRB5_CALLCONV
+krb_save_credentials(
+    char	*name,
+    char	*inst,
+    char	*realm,
+    C_Block	session,
+    int		lifetime,
+    int		kvno,
+    KTEXT	ticket,
+    long	issue_date)
+{
+    return krb4int_save_credentials_addr(name, inst, realm, session,
+					 lifetime, kvno, ticket,
+					 issue_date, 0);
+}
+
+
 int
 krb_delete_cred (sname, sinstance, srealm)
 	char *sname;
diff --git a/src/lib/krb4/password_to_key.c b/src/lib/krb4/password_to_key.c
index adde3b9fd..8cc2fc20f 100644
--- a/src/lib/krb4/password_to_key.c
+++ b/src/lib/krb4/password_to_key.c
@@ -105,12 +105,17 @@ krb5_passwd_to_key(
     char	*passwd,
     C_Block	key)
 {
+    size_t	len, tlen;
+    char	*p;
+
     if (user && instance && realm && passwd) {
-        unsigned int len = MAX_K_NAME_SZ + strlen(passwd) + 1;
-        char *p = malloc (len);
+        len = MAX_K_NAME_SZ + strlen(passwd) + 1;
+	tlen = strlen(passwd) + strlen(realm) + strlen(user) + strlen(instance) + 1;
+	if (tlen > len)
+	    return 0;
+        p = malloc (tlen);
         if (p != NULL) {
-            snprintf (p, len, "%s%s%s%s", passwd, realm, user, instance);
-            p[len - 1] = '\0';
+            sprintf (p, "%s%s%s%s", passwd, realm, user, instance);
             des_string_to_key (p, key);
             free (p);
             return 0;