OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_74_1-239-g713b65a

Gerrit Code Review
Sat, 12 Jun 2010 22:38:24 -0700 (PDT)

The following commit has been merged in the master branch:
commit 713b65adaa756b5a66ccb0620d5f2bc50642f2f1
Author: Russ Allbery <>
Date:   Sat Jun 12 16:07:52 2010 -0700

    Avoid off-by-one error when saving the password in klog
    When klog saved the password entered by the user to allow attempts
    at multiple AFS principals without reprompting, it copied the whole
    buffer according to the declared reply length into local storage.
    This was done without regard to the local allocated storage size,
    and was then nul-terminated without regard to the allocated storage
    size.  Both klog and Heimdal use a size of BUFSIZ for the reply
    buffer by default, which meant that klog on Heimdal was writing past
    the end of the allocated structure when nul-terminating the password.
    Store our allocated buffer size in the struct and only copy at most
    one fewer than that many characters, and then nul-terminate
    (The assumption that BUFSIZ is always long enough is still bogus,
    but that's larger surgery.)
    Change-Id: Ic8d4357aad2f8dfa0fffe9849d2546a88ecd246a
    Tested-by: Russ Allbery <>
    Reviewed-by: Derrick Brashear <>
    Tested-by: Derrick Brashear <>

 src/aklog/klog.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

OpenAFS Master Repository