svn commit: r299620 - stable/9/sys/rpc/rpcsec_gss

Garrett Cooper ngie at FreeBSD.org
Fri May 13 08:34:55 UTC 2016


Author: ngie
Date: Fri May 13 08:34:53 2016
New Revision: 299620
URL: https://svnweb.freebsd.org/changeset/base/299620

Log:
  MFstable/10 r299619:
  
  MFC r298336:
  r298336 (by cem):
  
  kgssapi(4): Fix string overrun in Kerberos principal construction
  
  'buf.value' was previously treated as a nul-terminated string, but only
  allocated with strlen() space.  Rectify this.
  
  CID:		1007639

Modified:
  stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/sys/   (props changed)

Modified: stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Fri May 13 08:30:26 2016	(r299619)
+++ stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Fri May 13 08:34:53 2016	(r299620)
@@ -334,7 +334,7 @@ rpc_gss_get_principal_name(rpc_gss_princ
 	 * Construct a gss_buffer containing the full name formatted
 	 * as "name/node at domain" where node and domain are optional.
 	 */
-	namelen = strlen(name);
+	namelen = strlen(name) + 1;
 	if (node) {
 		namelen += strlen(node) + 1;
 	}


More information about the svn-src-stable-9 mailing list