Date: Wed, 20 Apr 2016 04:45:23 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r298336 - head/sys/rpc/rpcsec_gss Message-ID: <201604200445.u3K4jOGJ088800@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Wed Apr 20 04:45:23 2016 New Revision: 298336 URL: https://svnweb.freebsd.org/changeset/base/298336 Log: kgssapi(4): Fix string overrun in Kerberos principal construction 'buf.value' was previously treated as a nul-terminated string, but only allocated with strlen() space. Rectify this. Reported by: Coverity CID: 1007639 Sponsored by: EMC / Isilon Storage Division Modified: head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Modified: head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c ============================================================================== --- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 03:48:57 2016 (r298335) +++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 04:45:23 2016 (r298336) @@ -331,7 +331,7 @@ rpc_gss_get_principal_name(rpc_gss_princ * Construct a gss_buffer containing the full name formatted * as "name/node@domain" where node and domain are optional. */ - namelen = strlen(name); + namelen = strlen(name) + 1; if (node) { namelen += strlen(node) + 1; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604200445.u3K4jOGJ088800>