Null-terminate components of parsed principals

The rewritten krb5_parse_name didn't null-terminate components or
realms of principals, while the old one did.  Fix the new one to do so
as well.

This means KRB5_PRINCIPAL_PARSE_IGNORE_REALM allocates one byte for
the realm instead of leaving it as empty_data(), so we need to free
the realm in build_in_tkt_name() before copying in the client realm.

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 1ae8021a7ebe21a2b08f6f765dd480f6b563a10e..8af0f5c22f553fecdd6faf80d17dbeb0bcbc36af 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -452,6 +452,7 @@ build_in_tkt_name(krb5_context context,
                                     &server);
         if (ret)
             return ret;
+        krb5_free_data_contents(context, &server->realm);
         ret = krb5int_copy_data_contents(context, &client->realm,
                                          &server->realm);
         if (ret) {

diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index dd4f44d11eb6555cbf2d66961b51b9e8208ecda5..cf3cce9d0d62e5ba15768f805e4da8a896404b12 100644 (file)
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -96,19 +96,16 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
         }
     }
 
-    /* Allocate space for each non-empty component and the realm. */
+    /* Allocate space for each component and the realm, with space for null
+     * terminators on each field. */
     for (i = 0; i < princ->length; i++) {
-        if (princ->data[i].length > 0) {
-            princ->data[i].data = k5alloc(princ->data[i].length, &ret);
-            if (princ->data[i].data == NULL)
-                goto cleanup;
-        }
-    }
-    if (princ->realm.length > 0) {
-        princ->realm.data = k5alloc(princ->realm.length, &ret);
-        if (princ->realm.data == NULL)
+        princ->data[i].data = k5alloc(princ->data[i].length + 1, &ret);
+        if (princ->data[i].data == NULL)
             goto cleanup;
     }
+    princ->realm.data = k5alloc(princ->realm.length + 1, &ret);
+    if (princ->realm.data == NULL)
+        goto cleanup;
 
     *princ_out = princ;
     *has_realm_out = (cur_data == &princ->realm);
@@ -120,7 +117,8 @@ cleanup:
 
 /*
  * Parse name into princ, assuming that name is correctly formed and that all
- * principal fields are allocated to the correct length.  If enterprise is
+ * principal fields are allocated to the correct length with zero-filled memory
+ * (so we get null-terminated fields without any extra work).  If enterprise is
  * true, use enterprise principal parsing rules.
  */
 static void