diff options
author | Tom Yu <tlyu@mit.edu> | 2008-02-29 05:23:56 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2008-02-29 05:23:56 +0000 |
commit | b302584b340be1089e5191b0e9912124bbe65962 (patch) | |
tree | 54cc99d716bedd7406339f2949568c5936b8659e | |
parent | 997057a521734827b7b75693939540249aa5670e (diff) | |
download | krb5-b302584b340be1089e5191b0e9912124bbe65962.zip krb5-b302584b340be1089e5191b0e9912124bbe65962.tar.gz krb5-b302584b340be1089e5191b0e9912124bbe65962.tar.bz2 |
Make a NUL-terminated copy of realm name before passing to a plugin
interface that takes a C string rather than krb5_data.
ticket: 5893
tags: pullup
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/krb5/os/locate_kdc.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index f03568b..7605328 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -622,6 +622,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, krb5_error_code code; struct krb5plugin_service_locate_ftable *vtbl = NULL; void **ptrs; + char *realmz; /* NUL-terminated realm */ int i; struct module_callback_data cbdata = { 0, }; @@ -643,6 +644,17 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, return KRB5_PLUGIN_NO_HANDLE; } + if (realm->length >= UINT_MAX) { + krb5int_free_plugin_dir_data(ptrs); + return ENOMEM; + } + realmz = malloc(realm->length + 1); + if (realmz == NULL) { + krb5int_free_plugin_dir_data(ptrs); + return ENOMEM; + } + memcpy(realmz, realm->data, realm->length); + realmz[realm->length] = '\0'; for (i = 0; ptrs[i]; i++) { void *blob; @@ -655,7 +667,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, if (code) continue; - code = vtbl->lookup(blob, svc, realm->data, socktype, family, + code = vtbl->lookup(blob, svc, realmz, socktype, family, module_callback, &cbdata); vtbl->fini(blob); if (code == KRB5_PLUGIN_NO_HANDLE) { @@ -668,6 +680,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, /* Module encountered an actual error. */ Tprintf("plugin lookup routine returned error %d: %s\n", code, error_message(code)); + free(realmz); krb5int_free_plugin_dir_data (ptrs); return code; } @@ -675,6 +688,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, } if (ptrs[i] == NULL) { Tprintf("ran off end of plugin list\n"); + free(realmz); krb5int_free_plugin_dir_data (ptrs); return KRB5_PLUGIN_NO_HANDLE; } @@ -683,6 +697,7 @@ module_locate_server (krb5_context ctx, const krb5_data *realm, /* Got something back, yippee. */ Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist); print_addrlist(addrlist); + free(realmz); krb5int_free_plugin_dir_data (ptrs); return 0; } |