From 9feea404fd44455bc1645aac87e7a4bb8306cca3 Mon Sep 17 00:00:00 2001 From: Harald Barth Date: Mon, 26 Mar 2001 17:18:42 +0000 Subject: [PATCH] null-terminate-cell-when-copying-from-lrealm-20010326 Avoid condition where we could read past the end of lrealm (unlikely to occur in practice and not remotely exploitable; cell and lrealm are both MAXKTCREALMLEN and lrealm is configured locally and not read from the network) --- src/kauth/krb_udp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/kauth/krb_udp.c b/src/kauth/krb_udp.c index d8f8db2..65b144f 100644 --- a/src/kauth/krb_udp.c +++ b/src/kauth/krb_udp.c @@ -446,7 +446,10 @@ afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, a code = KERB_ERR_PKT_VER; /* was KABADTICKET */ goto abort; } - if (celllen == 0) strcpy (cell, lrealm); + if (celllen == 0) { + strncpy (cell, lrealm, MAXKTCREALMLEN-1); + cell[MAXKTCREALMLEN-1] = 0; + }; if (krb_udp_debug) { printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", -- 1.9.4