From 393281d4cc8706b94637cfb2ed8b3e90a067e3a5 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Wed, 4 Oct 2006 18:40:53 +0000 Subject: [PATCH] array before test for pointing at entry with the principal. Avoids buffer overflow for end of list. Detected with a hacked up version of valgrind to handle keyring syscalls. krb5_krcc_next_cred: Move initial test if pointing past end of key git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18643 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/cc_keyring.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index 8b36fe0cd..0526abd19 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -737,14 +737,18 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id, return KRB5_CC_END; memset(creds, 0, sizeof(krb5_creds)); - /* If we're pointing at the entry with the principal, skip it */ - if (krcursor->keys[krcursor->currkey] == krcursor->princ_id) - krcursor->currkey++; - /* If we're pointing past the end of the keys array, there are no more */ if (krcursor->currkey > krcursor->numkeys) return KRB5_CC_END; + /* If we're pointing at the entry with the principal, skip it */ + if (krcursor->keys[krcursor->currkey] == krcursor->princ_id) { + krcursor->currkey++; + /* Check if we have now reached the end */ + if (krcursor->currkey > krcursor->numkeys) + return KRB5_CC_END; + } + /* Read the key, the right size buffer will ba allocated and returned */ psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload); if (psize == -1) { -- 2.26.2