From: Greg Hudson
Date: Tue, 9 Apr 2013 18:48:23 +0000 (-0400)
Subject: Tighten up fixed buffer usage in hst_realm.c
X-Git-Tag: krb5-1.12-alpha1~218
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b48c74845df82b3ae5a2f7cb8e64c521583e373;p=thirdparty%2Fkrb5.git
Tighten up fixed buffer usage in hst_realm.c
Avoid or notice truncations, rather than letting them happen silently.
---
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index a01efc34cb..3bcc7923cc 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -110,7 +110,8 @@ krb5int_get_fq_local_hostname(char *buf, size_t bufsize)
 freeaddrinfo(ai);
 return KRB5_EAI_FAIL;
 }
- strlcpy(buf, ai->ai_canonname, bufsize);
+ if (strlcpy(buf, ai->ai_canonname, bufsize) >= bufsize)
+ return ENOMEM;
 freeaddrinfo(ai);
 return 0;
 }
@@ -277,20 +278,20 @@ krb5_error_code KRB5_CALLCONV
 krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)
 {
- char **retrealms, *p, *realm = NULL;
+ char **retrealms, *p, *realm = NULL, *host, cleanname[MAXDNAME + 1];
 krb5_error_code ret;
- char cleanname[MAXDNAME + 1], host[MAXDNAME + 1];
 int limit;
 errcode_t code;
 krb5_boolean is_numeric;
 *realmsp = NULL;
- /* Convert what we hope is a hostname to a string. */
- memcpy(host, hdata->data, hdata->length);
- host[hdata->length] = '\0';
-
+ /* Convert hdata into a string and clean it up. */
+ host = k5memdup0(hdata->data, hdata->length, &ret);
+ if (host == NULL)
+ return ret;
 ret = k5_clean_hostname(context, host, cleanname, sizeof(cleanname));
+ free(host);
 if (ret)
 return ret;
 is_numeric = is_numeric_address(cleanname);
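Review bot: The new truncation return in krb5int_get_fq_local_hostname exits before `freeaddrinfo(ai)`, so the addrinfo list leaks whenever the canonical name does not fit in `buf`; the error path just above it frees `ai` before returning. Release it on this path as well: `if (strlcpy(buf, ai->ai_canonname, bufsize) >= bufsize) { freeaddrinfo(ai); return ENOMEM; }`. The name length is presumably decided by the resolver rather than by this code, so the path can be hit repeatedly on a host with a long canonical name. The function starts outside the hunk.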
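Review bot: An embedded NUL byte in `hdata` still shortens the hostname silently in krb5_get_fallback_host_realm, because the copy made by `k5memdup0` is handed to `k5_clean_hostname` as a C string and everything after the first NUL is ignored. Since the commit sets out to notice truncation, consider rejecting such input before the copy, e.g. `if (hdata->length > 0 && memchr(hdata->data, '\0', hdata->length) != NULL) return EINVAL;` (the error code is only a suggestion, and whether callers can pass such data is not visible here). The comment above the copy could also say that `hdata` is counted, not NUL-terminated, and that overlong names are now rejected by `k5_clean_hostname` rather than bounded here. The function body continues past the end of the hunk.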
@@ -382,8 +383,8 @@ k5_clean_hostname(krb5_context context, const char *host, char *cleanname,
 cleanname[0] = '\0';
 if (host) {
- /* Should probably error out if strlen(host) > MAXDNAME. */
- strlcpy(cleanname, host, lhsize);
+ if (strlcpy(cleanname, host, lhsize) >= lhsize)
+ return ENOMEM;
 } else {
 ret = krb5int_get_fq_local_hostname(cleanname, lhsize);
 if (ret)
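Review bot: On the new error return in k5_clean_hostname, `cleanname` is left holding the truncated hostname that `strlcpy` wrote, so a caller that ignores or mishandles the return value would carry on with a shortened name. Clearing the buffer keeps the failure unambiguous: `if (strlcpy(cleanname, host, lhsize) >= lhsize) { cleanname[0] = '\0'; return ENOMEM; }`. `ENOMEM` is also a slightly misleading code for a name that is too long, since nothing is allocated on this path. A one-line comment such as `/* Reject rather than truncate: a shortened name is a different name. */` would preserve the intent of the removed remark. The function begins before the hunk and continues after it.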