Fix reachable assert when importing krb5 names

If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.  Reported by Aisle Research (Ze Sheng, Dmitrijs
Trizna, Luigino Camastra, Guido Vranken).

ticket: 9217
tags: pullup
target_version: 1.22-next

diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
index a067d07423310fb0486ff7a979e8a6b57d24fc90..9a27b1468a9f81dac9792bb9d694d7151b4e43bf 100644 (file)
--- a/src/lib/gssapi/krb5/import_name.c
+++ b/src/lib/gssapi/krb5/import_name.c
@@ -297,7 +297,8 @@ import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer,
                     goto fail_name;
                 cp += length;
             }
-            assert(cp == end);
+            if (cp != end)
+                goto fail_name;
         } else {
             status = GSS_S_BAD_NAMETYPE;
             goto cleanup;