svn commit: r298336 - head/sys/rpc/rpcsec_gss
Conrad E. Meyer
cem at FreeBSD.org
Wed Apr 20 04:45:25 UTC 2016
Author: cem
Date: Wed Apr 20 04:45:23 2016
New Revision: 298336
URL: https://svnweb.freebsd.org/changeset/base/298336
Log:
kgssapi(4): Fix string overrun in Kerberos principal construction
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space. Rectify this.
Reported by: Coverity
CID: 1007639
Sponsored by: EMC / Isilon Storage Division
Modified:
head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Modified: head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 03:48:57 2016 (r298335)
+++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Wed Apr 20 04:45:23 2016 (r298336)
@@ -331,7 +331,7 @@ rpc_gss_get_principal_name(rpc_gss_princ
* Construct a gss_buffer containing the full name formatted
* as "name/node at domain" where node and domain are optional.
*/
- namelen = strlen(name);
+ namelen = strlen(name) + 1;
if (node) {
namelen += strlen(node) + 1;
}
More information about the svn-src-head
mailing list