krb5/krb5-keyring-strtol.patch

commit ffbb8f2fdd54c9d458dc84b544ac29eb3272bd2d
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date:   Mon Nov 11 13:10:08 2013 -0500

    Catch more strtol() failures when using KEYRINGs
    
    When parsing what should be a UID while resolving a KEYRING ccache name,
    don't just depend on strtol() to set errno when the residual that we
    pass to it can't be parsed as a number.  In addition to checking errno,
    pass in and check the value of an "endptr".

diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 795ccd6..b1fc397 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -593,7 +593,7 @@ get_collection(const char *anchor_name, const char *collection_name,
 {
     krb5_error_code ret;
     key_serial_t persistent_id, anchor_id, possess_id = 0;
-    char *ckname;
+    char *ckname, *cnend = NULL;
     long uidnum;
 
     *collection_id_out = 0;
@@ -607,8 +607,8 @@ get_collection(const char *anchor_name, const char *collection_name,
          */
         if (*collection_name != '\0') {
             errno = 0;
-            uidnum = strtol(collection_name, NULL, 10);
-            if (errno)
+            uidnum = strtol(collection_name, &cnend, 10);
+            if (errno || cnend == NULL || *cnend != '\0')
                 return KRB5_KCC_INVALID_UID;
         } else {
             uidnum = geteuid();
Catch more strtol() failures when using KEYRINGs - check more thorougly for errors when resolving KEYRING ccache names of type "persistent", which should only have a numeric UID as the next part of the name (#1029110) 2013-11-11 19:11:29 +00:00			`commit ffbb8f2fdd54c9d458dc84b544ac29eb3272bd2d`
			`Author: Nalin Dahyabhai <nalin@dahyabhai.net>`
			`Date: Mon Nov 11 13:10:08 2013 -0500`

			`Catch more strtol() failures when using KEYRINGs`

			`When parsing what should be a UID while resolving a KEYRING ccache name,`
			`don't just depend on strtol() to set errno when the residual that we`
			`pass to it can't be parsed as a number. In addition to checking errno,`
			`pass in and check the value of an "endptr".`

			`diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c`
			`index 795ccd6..b1fc397 100644`
			`--- a/src/lib/krb5/ccache/cc_keyring.c`
			`+++ b/src/lib/krb5/ccache/cc_keyring.c`
			`@@ -593,7 +593,7 @@ get_collection(const char anchor_name, const char collection_name,`
			`{`
			`krb5_error_code ret;`
			`key_serial_t persistent_id, anchor_id, possess_id = 0;`
			`- char *ckname;`
			`+ char ckname, cnend = NULL;`
			`long uidnum;`

			`*collection_id_out = 0;`
			`@@ -607,8 +607,8 @@ get_collection(const char anchor_name, const char collection_name,`
			`*/`
			`if (*collection_name != '\0') {`
			`errno = 0;`
			`- uidnum = strtol(collection_name, NULL, 10);`
			`- if (errno)`
			`+ uidnum = strtol(collection_name, &cnend, 10);`
			`+ if (errno \|\| cnend == NULL \|\| *cnend != '\0')`
			`return KRB5_KCC_INVALID_UID;`
			`} else {`
			`uidnum = geteuid();`