Fix KDC crash when logging PKINIT enctypes

Commit a649279727490687d54becad91fde8cf7429d951 introduced a KDC crash
bug due to transposed strlcpy() arguments.  Fix the argument order.

This bug does not affect any MIT krb5 release, but affects the Fedora
krb5 packages due to backports.  CVE-2019-14844 has been issued as a
result.

ticket: 8772

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 936ec23b20a580483417a65d9422fe89b859315c..8c0fa8c07245dc1e6c1dc451f4892b5896f099f8 100644 (file)
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1107,7 +1107,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
     else
         return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
 
-    if (strlcpy(name, buf, buflen) >= buflen)
+    if (strlcpy(buf, name, buflen) >= buflen)
         return ENOMEM;
     return 0;
 }