auth:creds: Validate realm names in set_realm and set_principal

See also
https://web.mit.edu/kerberos/krb5-latest/doc/admin/realm_config.html#realm-name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15893

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 1a64a2d8cdc88f0aa0d025a35262eb9cd02dd7a2..777bf53430ddb42e90a93a5d58eb5e79bbe80399 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -33,6 +33,18 @@
 #include "system/filesys.h"
 #include "system/passwd.h"
 
+static bool str_is_ascii(const char *s) {
+       if (s != NULL) {
+               for (; s[0] != '\0'; s++) {
+                       if (!isascii(s[0])) {
+                               return false;
+                       }
+               }
+       }
+
+       return true;
+}
+
 /**
  * Create a new credentials structure
  * @param mem_ctx TALLOC_CTX parent for credentials structure
@@ -435,6 +447,14 @@ _PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
                /* If `val = NULL` is passed, principal is reset */
                cred->principal = NULL;
                if (val != NULL) {
+                       char *p = strchr(val, '@');
+                       if (p != NULL) {
+                               /* For realm names, only ASCII is allowed */
+                               if (!str_is_ascii(p + 1)) {
+                                       return false;
+                               }
+                       }
+
                        cred->principal = talloc_strdup(cred, val);
                        if (cred->principal == NULL) {
                                return false;
@@ -951,6 +971,11 @@ _PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred,
                /* If `val = NULL` is passed, realm is reset */
                cred->realm = NULL;
                if (val != NULL) {
+                       /* For realm names, only ASCII is allowed */
+                       if (!str_is_ascii(val)) {
+                               return false;
+                       }
+
                        cred->realm = strupper_talloc(cred, val);
                        if (cred->realm == NULL) {
                                return false;