From 74beb75bb07e3921d10c8eec05eacb1f393e5e44 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Sat, 12 May 2012 12:54:06 -0400
Subject: [PATCH] Null-terminate components of parsed principals

The rewritten krb5_parse_name didn't null-terminate components or realms of principals, while the old one did. Fix the new one to do so as well. This means KRB5_PRINCIPAL_PARSE_IGNORE_REALM allocates one byte for the realm instead of leaving it as empty_data(), so we need to free the realm in build_in_tkt_name() before copying in the client realm.
---
 src/lib/krb5/krb/get_in_tkt.c | 1 +
 src/lib/krb5/krb/parse.c | 20 +++++++++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 1ae8021a7..8af0f5c22 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -452,6 +452,7 @@ build_in_tkt_name(krb5_context context,
                         &server);
     if (ret)
         return ret;
+    krb5_free_data_contents(context, &server->realm);
     ret = krb5int_copy_data_contents(context, &client->realm,
                                      &server->realm);
     if (ret) {
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index dd4f44d11..cf3cce9d0 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
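Review bot: The added `krb5_free_data_contents(context, &server->realm);` carries no hint why a principal that was just parsed already owns a realm buffer, and the reason lives in another file, so a later reader could drop it as redundant; a one-line comment would pin it: `/* Parsing with KRB5_PRINCIPAL_PARSE_IGNORE_REALM still allocates an (empty) realm; release it before copying in the client realm. */`. The `if (ret) {` error path that follows is only safe if krb5_free_data_contents also resets server->realm.data to NULL and length to 0 (not visible here); if it merely frees the buffer and the error path then releases server, a failed copy would double-free the realm, which is worth confirming. build_in_tkt_name starts and ends outside the hunk.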
@@ -96,19 +96,16 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
         }
     }
 
-    /* Allocate space for each non-empty component and the realm. */
+    /* Allocate space for each component and the realm, with space for null
+     * terminators on each field. */
     for (i = 0; i < princ->length; i++) {
-        if (princ->data[i].length > 0) {
-            princ->data[i].data = k5alloc(princ->data[i].length, &ret);
-            if (princ->data[i].data == NULL)
-                goto cleanup;
-        }
-    }
-    if (princ->realm.length > 0) {
-        princ->realm.data = k5alloc(princ->realm.length, &ret);
-        if (princ->realm.data == NULL)
+        princ->data[i].data = k5alloc(princ->data[i].length + 1, &ret);
+        if (princ->data[i].data == NULL)
             goto cleanup;
     }
+    princ->realm.data = k5alloc(princ->realm.length + 1, &ret);
+    if (princ->realm.data == NULL)
+        goto cleanup;
 
     *princ_out = princ;
     *has_realm_out = (cur_data == &princ->realm);
@@ -120,7 +117,8 @@ cleanup:
 
 /*
  * Parse name into princ, assuming that name is correctly formed and that all
- * principal fields are allocated to the correct length. If enterprise is
+ * principal fields are allocated to the correct length with zero-filled memory
+ * (so we get null-terminated fields without any extra work). If enterprise is
  * true, use enterprise principal parsing rules.
  */
 static void
-- 
2.26.2
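Review bot: The terminator that the new `k5alloc(princ->data[i].length + 1, &ret)` and `k5alloc(princ->realm.length + 1, &ret)` calls make room for is never written; it exists only because k5alloc hands back zero-filled memory, which the rewritten comment in the second hunk now makes part of the parsing routine's contract. If k5alloc is ever switched to a plain malloc, every component and realm silently loses its terminator and later string use becomes an over-read, so either write it where the final lengths are known (after each field is filled in the parsing routine, `princ->data[i].data[princ->data[i].length] = '\0';`, and the same for the realm) or at least state the dependency at the allocation site: `/* k5alloc zero-fills, so the extra byte doubles as the null terminator. */`. The `+ 1` is also evaluated in the length field's own unsigned type before it reaches k5alloc; presumably the lengths are bounded by the input string so wrap is unreachable, but that is worth a glance. allocate_princ starts before the first hunk, and the function whose comment the second hunk edits continues past it.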