Diffstat (limited to 'src/appl/telnet/libtelnet/kerberos.c')
-rw-r--r-- | src/appl/telnet/libtelnet/kerberos.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c
index 734466e..0fda99b 100644
--- a/src/appl/telnet/libtelnet/kerberos.c
+++ b/src/appl/telnet/libtelnet/kerberos.c
@@ -141,6 +141,7 @@ Data(ap, type, d, c)
 {
 unsigned char *p = str_data + 4;
 unsigned char *cd = (unsigned char *)d;
+ size_t spaceleft = sizeof(str_data) - 4;
 if (c == -1) c = strlen((char *)cd);
@@ -156,9 +157,16 @@ Data(ap, type, d, c)
 *p++ = ap->type;
 *p++ = ap->way;
 *p++ = type;
+ spaceleft -= 3;
 while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
+ if ((*p++ = *cd++) == IAC) {
+ *p++ = IAC;
+ spaceleft--;
+ }
+ if ((--spaceleft < 4) && c) {
+ errno = ENOMEM;
+ return -1;
+ }
 }
 *p++ = IAC;
 *p++ = SE;
@@ -602,7 +610,9 @@ kerberos4_status(ap, name, level)
 return(level);
 if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
- strcpy(name, UserNameRequested);
+ /* the name buffer comes from telnetd/telnetd{-ktd}.c */
+ strncpy(name, UserNameRequested, 255);
+ name[255] = '\0';
 return(AUTH_VALID);
 } else return(AUTH_USER); |
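Review bot: The overflow test in the copy loop of Data() runs only after the byte, and a doubled IAC, have already been stored, so it is safe only because of the 4-byte reserve, and nothing in the code says what that reserve covers. A comment above the test such as `/* keep room for one more byte, its doubled IAC and the closing IAC SE */` would stop a later edit from shrinking the threshold. The new failure path returns -1 with errno set, but the rest of Data() and its callers are outside this diff; it is worth confirming that no caller treats any non-zero return as success, since that would hide the dropped message. The `- 4` in the `spaceleft` initializer of the first hunk mirrors the `str_data + 4` offset of `p`, and a shared named constant would keep the two in step.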
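Review bot: `strncpy(name, UserNameRequested, 255)` always writes 255 bytes, because strncpy zero-pads the destination, and `name[255] = '\0'` writes a 256th, so the copy is safe only if every caller's buffer holds at least 256 bytes. That size is not visible in this function, and the added comment places the buffer in another file. The literal should become a constant defined next to that buffer's declaration, or the length should be passed in alongside `name`. Separately, the kuserok() test on the line above checks the full `UserNameRequested`, while a longer name is handed back truncated; rejecting it before the copy, for example `if (strlen(UserNameRequested) > 255) return(AUTH_USER);`, avoids returning a name that was never checked. kerberos4_status() starts and ends outside the hunk.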