From 1214f2e9ad34783e8f12a42c8b06793c6e42217c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 23 Feb 2017 11:51:04 -0500 Subject: [PATCH] Fix incorrect use of non-null terminated string Octet_string_val values are not guaranteed to be zero terminated. Signed-off-by: Simo Sorce Reviewed-by: Robbie Harwood Resolves: #49 (cherry picked from commit 25c587458c90893168fd906a5de9cc7598e94619) --- proxy/src/mechglue/gpp_creds.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c index c1506e6..38d03fd 100644 --- a/proxy/src/mechglue/gpp_creds.c +++ b/proxy/src/mechglue/gpp_creds.c @@ -14,6 +14,7 @@ uint32_t gpp_store_remote_creds(uint32_t *min, krb5_ccache ccache = NULL; krb5_creds cred; krb5_error_code ret; + char cred_name[creds->desired_name.display_name.octet_string_len + 1]; XDR xdrctx; bool xdrok; @@ -41,9 +42,11 @@ uint32_t gpp_store_remote_creds(uint32_t *min, if (ret) goto done; } - ret = krb5_parse_name(ctx, - creds->desired_name.display_name.octet_string_val, - &cred.client); + memcpy(cred_name, creds->desired_name.display_name.octet_string_val, + creds->desired_name.display_name.octet_string_len); + cred_name[creds->desired_name.display_name.octet_string_len] = '\0'; + + ret = krb5_parse_name(ctx, cred_name, &cred.client); if (ret) goto done; ret = krb5_parse_name(ctx, GPKRB_SRV_NAME, &cred.server);