Diffstat (limited to 'src/appl/telnet/libtelnet/kerberos5.c')
-rw-r--r-- | src/appl/telnet/libtelnet/kerberos5.c | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 6a62f36..b4c7398 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -423,7 +423,8 @@ kerberos5_is(ap, data, cnt)
 NULL, keytabid, NULL, &ticket);
 if (r) {
 (void) strcpy(errbuf, "krb5_rd_req failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 goto errout;
 }
@@ -440,8 +441,12 @@ kerberos5_is(ap, data, cnt)
 princ[krb5_princ_component(telnet_context, ticket->server,0)->length] = '\0';
 if (strcmp("host", princ)) {
- (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"%s\"",
- princ, "host");
+ if(strlen(princ) < sizeof(errbuf) - 39) {
+ (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"host\"",
+ princ);
+ } else {
+ (void) sprintf(errbuf, "incorrect service name: principal != \"host\"");
+ }
 goto errout;
 }
 } else {
@@ -455,7 +460,8 @@ kerberos5_is(ap, data, cnt)
 if (r) {
 (void) strcpy(errbuf, "krb5_auth_con_getauthenticator failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 goto errout;
 }
 if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON &&
@@ -476,7 +482,8 @@ kerberos5_is(ap, data, cnt)
 &key);
 if (r) {
 (void) strcpy(errbuf, "krb5_auth_con_getkey failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 goto errout;
 }
 r = krb5_verify_checksum(telnet_context,
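Review bot: The added `errbuf[sizeof(errbuf) - 1] = '\0';` in the hunk at -423 does not change the result, because `strcpy` of the short literal has already terminated the buffer and `strncat` always writes its own terminator; the line reads like a guard without being one. The bound `sizeof(errbuf) - 1 - strlen(errbuf)` is the right one only if `errbuf` is an array in scope, and its declaration lies outside every hunk except the one at -560, so that is worth confirming. The same three-statement pattern is repeated in the hunks at -455, -476, -495, -506, -560 and -586, where any one copy can drift from the others. If `snprintf` is available on the supported platforms, a single call such as `(void) snprintf(errbuf, sizeof(errbuf), "krb5_rd_req failed: %s", error_message(r));` gives the same truncating behaviour with the size stated once.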
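Review bot: The literal `39` in `if(strlen(princ) < sizeof(errbuf) - 39)` (hunk at -440) is not tied to the format string it protects, so editing the message later can silently reopen the overflow this commit closes. The fixed text plus terminator appears to need 37 bytes, so the check is safe today, but deriving the bound from the literal keeps it that way: `if (strlen(princ) < sizeof(errbuf) - sizeof("incorrect service name: \"\" != \"host\""))`. The subtraction is unsigned and would wrap if `errbuf` were ever smaller than the constant; the declaration of `errbuf` is outside the hunk. The context line that writes `princ[... ->length] = '\0'` indexes with a length taken from the ticket, and whether that length is bounded against the size of `princ` is also outside the hunk and worth checking in the same pass.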
@@ -495,7 +502,8 @@ kerberos5_is(ap, data, cnt)
 if (r) {
 (void) strcpy(errbuf, "checksum verification failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 goto errout;
 }
 krb5_free_keyblock(telnet_context, key);
@@ -506,7 +514,8 @@ kerberos5_is(ap, data, cnt)
 if ((r = krb5_mk_rep(telnet_context, auth_context, &outbuf))) {
 (void) strcpy(errbuf, "Make reply failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 goto errout;
 }
@@ -560,7 +569,8 @@ kerberos5_is(ap, data, cnt)
 char errbuf[128];
 (void) strcpy(errbuf, "Read forwarded creds failed: ");
- (void) strcat(errbuf, error_message(r));
+ errbuf[sizeof(errbuf) - 1] = '\0';
+ (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf));
 Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
 if (auth_debug_mode) printf(
@@ -586,7 +596,8 @@ kerberos5_is(ap, data, cnt)
 char eerrbuf[329];
 strcpy(eerrbuf, "telnetd: ");
- strcat(eerrbuf, errbuf);
+ eerrbuf[sizeof(eerrbuf) - 1] = '\0';
+ strncat(eerrbuf, errbuf, sizeof(eerrbuf) - 1 - strlen(eerrbuf));
 Data(ap, KRB_REJECT, eerrbuf, -1);
 }
 if (auth_debug_mode)
@@ -706,7 +717,9 @@ kerberos5_status(ap, name, level)
 krb5_kuserok(telnet_context, ticket->enc_part2->client, UserNameRequested)) {
- strcpy(name, UserNameRequested);
+ /* the name buffer comes from telnetd/telnetd{-ktd}.c */
+ strncpy(name, UserNameRequested, 255);
+ name[255] = '\0';
 return(AUTH_VALID);
 } else return(AUTH_USER); |
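Review bot: The hard-coded `255` in `strncpy(name, UserNameRequested, 255); name[255] = '\0';` (hunk at -706) bakes the caller's buffer size into `kerberos5_status`, which takes no length argument; since `strncpy` zero-pads, every call now writes a full 256 bytes, so a caller with a smaller buffer would overflow even on a short name. A constant shared with the telnetd declaration the comment refers to, or a length parameter, would make that contract checkable. Separately, `krb5_kuserok` has authorised the full `UserNameRequested`, but a longer name is then silently truncated, so `AUTH_VALID` could be returned for a name other than the one that was checked. Refusing is safer than truncating, for example guarding the copy with `if (strlen(UserNameRequested) > 255) return(AUTH_USER);`, assuming `AUTH_USER` is the right non-valid result here. The function starts and ends outside the hunk, so how the caller uses `name` is not visible.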