From aed25fe148d68ca2302a3c69e68d15642f060ac1 Mon Sep 17 00:00:00 2001
From: Ezra Peisach <epeisach@mit.edu>
Date: Thu, 22 May 2003 17:31:57 +0000
Subject: [PATCH] Cross realm checks can check beyond end of buffer

        * keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
        principal and realm name do not need to be null terminated.

ticket: new
tags: pullup
target_version: 1.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kdb/ChangeLog | 5 +++++
 src/lib/kdb/keytab.c  | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index de4ff5a5e..87f60aad9 100644
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-22  Ezra Peisach  <epeisach@mit.edu>
+
+	* keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
+	principal and realm name do not need to be null terminated.
+
 2003-04-01  Tom Yu  <tlyu@mit.edu>
 
 	* Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables.
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 90a81cac8..5db382cc2 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -217,7 +217,7 @@ is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
     dat = krb5_princ_component(context, princ, 1);
     if (dat->length != princ->realm.length)
 	return 1;
-    if (strcmp(dat->data, princ->realm.data) == 0)
+    if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
 	return 0;
     return 1;
 
-- 
2.26.2