From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 8 Jul 2012 04:25:06 +0000 (-0400)
Subject: Reject extra realm separators in principal names
X-Git-Tag: krb5-1.11-alpha1~440
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f74fa6199f328c837f452fe6a4ca9e5242484b3e;p=thirdparty%2Fkrb5.git

Reject extra realm separators in principal names

Commit f609e5caff410cc8f71db7d95b4da219541437db accidentally omitted
the check for extra realm separators, leading to an assertion error
when parsing x@y@z or similar.  Restore the check.
---

diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index cf3cce9d0d..613e41d1ff 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -79,6 +79,8 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
         } else if (*p == '@' && (!enterprise || !first_at)) {
             /* Realm separator.  In enterprise principals, the first one of
              * these we see is part of the component. */
+            if (cur_data == &princ->realm)
+                return KRB5_PARSE_MALFORMED;
             cur_data = &princ->realm;
         } else {
             /* Component or realm character, possibly quoted.  Make note if