From 92afe52250d7f8f8759c8aeed996f90d8f587adf Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Fri, 7 Mar 2008 20:43:26 +0000
Subject: [PATCH] pull up r20243 from trunk r20243@cathode-dark-space: tlyu | 2008-02-29 00:23:56 -0500 ticket: 5893 tags: pullup target_version: 1.6.4 Make a NUL-terminated copy of realm name before passing to a plugin interface that takes a C string rather than krb5_data. ticket: 5893 version_fixed: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20257 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/os/locate_kdc.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 30eac1b83..a4b4c9780 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -611,6 +611,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 krb5_error_code code;
 struct krb5plugin_service_locate_ftable *vtbl = NULL;
 void **ptrs;
+ char *realmz; /* NUL-terminated realm */
 int i;
 struct module_callback_data cbdata = { 0, };
@@ -632,6 +633,17 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 return KRB5_PLUGIN_NO_HANDLE;
 }
+ if (realm->length >= UINT_MAX) {
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
+ }
+ realmz = malloc(realm->length + 1);
+ if (realmz == NULL) {
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
+ }
+ memcpy(realmz, realm->data, realm->length);
+ realmz[realm->length] = '\0';
 for (i = 0; ptrs[i]; i++) {
 void *blob;
@@ -644,7 +656,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 if (code) continue;
- code = vtbl->lookup(blob, svc, realm->data, socktype, family,
+ code = vtbl->lookup(blob, svc, realmz, socktype, family,
 module_callback, &cbdata);
 vtbl->fini(blob);
 if (code == KRB5_PLUGIN_NO_HANDLE) {
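Review bot: The copy added in the `@@ -632` hunk keeps any embedded NUL bytes from `realm->data`, but the plugin's `lookup` reads `realmz` as a C string, so a realm whose `krb5_data` contains a `'\0'` is silently looked up under its truncated prefix. Rejecting such input before the `malloc`, with `if (memchr(realm->data, '\0', realm->length) != NULL)` followed by the same `krb5int_free_plugin_dir_data(ptrs);` and an error return, keeps the name the plugin sees identical to the name the caller passed. The `UINT_MAX` guard also depends on `<limits.h>` being included, which this patch does not show. The function starts and ends outside the hunk, so how `realm` is validated by callers cannot be confirmed from here.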
@@ -657,6 +669,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 /* Module encountered an actual error. */
 Tprintf("plugin lookup routine returned error %d: %s\n", code, error_message(code));
+ free(realmz);
 krb5int_free_plugin_dir_data (ptrs);
 return code;
 }
@@ -664,6 +677,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 }
 if (ptrs[i] == NULL) {
 Tprintf("ran off end of plugin list\n");
+ free(realmz);
 krb5int_free_plugin_dir_data (ptrs);
 return KRB5_PLUGIN_NO_HANDLE;
 }
@@ -672,6 +686,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 /* Got something back, yippee. */
 Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
 print_addrlist(addrlist);
+ free(realmz);
 krb5int_free_plugin_dir_data (ptrs);
 return 0;
 }
--
2.26.2
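Review bot: The `free(realmz);` added at the plugin-error return is repeated at the "ran off end of plugin list" return and the success return in the next two hunks, and each copy has to be kept paired by hand with `krb5int_free_plugin_dir_data (ptrs);`. Any return added to this function later would leak the realm copy unless it repeats both calls. A single `cleanup:` label that releases both and returns `code` makes the ownership of `realmz` explicit. The function body begins and ends outside these hunks, so whether other returns exist after the `malloc` is not visible here.

```c
        /* Module encountered an actual error. */
        /* … unchanged: Tprintf of the plugin error … */
        goto cleanup;
    /* … unchanged: end of the loop … */
    if (ptrs[i] == NULL) {
        Tprintf("ran off end of plugin list\n");
        code = KRB5_PLUGIN_NO_HANDLE;
        goto cleanup;
    }
    /* … unchanged: success-path Tprintf and print_addrlist … */
    code = 0;
cleanup:
    free(realmz);
    krb5int_free_plugin_dir_data (ptrs);
    return code;
```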