OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_74_1-239-g713b65a
Gerrit Code Review
gerrit@openafs.org
Sat, 12 Jun 2010 22:38:24 -0700 (PDT)
The following commit has been merged in the master branch:
commit 713b65adaa756b5a66ccb0620d5f2bc50642f2f1
Author: Russ Allbery <rra@stanford.edu>
Date: Sat Jun 12 16:07:52 2010 -0700
Avoid off-by-one error when saving the password in klog
When klog saved the password entered by the user to allow attempts
at multiple AFS principals without reprompting, it copied the whole
buffer according to the declared reply length into local storage.
This was done without regard to the local allocated storage size,
and was then nul-terminated without regard to the allocated storage
size. Both klog and Heimdal use a size of BUFSIZ for the reply
buffer by default, which meant that klog on Heimdal was writing past
the end of the allocated structure when nul-terminating the password.
Store our allocated buffer size in the struct and only copy at most
one fewer than that many characters, and then nul-terminate
accordingly.
(The assumption that BUFSIZ is always long enough is still bogus,
but that's larger surgery.)
Change-Id: Ic8d4357aad2f8dfa0fffe9849d2546a88ecd246a
Reviewed-on: http://gerrit.openafs.org/2129
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
src/aklog/klog.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository