Author: cem
Date: Wed Apr 20 04:45:23 2016
New Revision: 298336
URL: https://svnweb.freebsd.org/changeset/base/298336
Log:
kgssapi(4): Fix string overrun in Kerberos principal construction
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space. Rectify this.
Reported by: Coverity
CID: 1007639
Sponsored by: EMC / Isilon Storage Division
Modified:
head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Modified: head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 03:48:57 2016
(r298335)
+++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 04:45:23 2016
(r298336)
@@ -331,7 +331,7 @@ rpc_gss_get_principal_name(rpc_gss_princ
* Construct a gss_buffer containing the full name formatted
* as "name/node@domain" where node and domain are optional.
*/
- namelen = strlen(name);
+ namelen = strlen(name) + 1;
if (node) {
namelen += strlen(node) + 1;
}
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
