From db7dad30f0d60bb2dfe952a69d1fe1befe10cc18 Mon Sep 17 00:00:00 2001 From: Harald Barth Date: Mon, 23 Apr 2001 04:37:58 +0000 Subject: [PATCH] STABLE10-null-terminate-cell-when-copying-from-lrealm-20010422 Avoid condition where we could read past the end of lrealm (unlikely to occur in practice and not remotely exploitable; cell and lrealm are both MAXKTCREALMLEN and lrealm is configured locally and not read from the network) --- src/kauth/krb_udp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/kauth/krb_udp.c b/src/kauth/krb_udp.c index d8f8db245..65b144f98 100644 --- a/src/kauth/krb_udp.c +++ b/src/kauth/krb_udp.c @@ -446,7 +446,10 @@ afs_int32 UDP_GetTicket (ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, a code = KERB_ERR_PKT_VER; /* was KABADTICKET */ goto abort; } - if (celllen == 0) strcpy (cell, lrealm); + if (celllen == 0) { + strncpy (cell, lrealm, MAXKTCREALMLEN-1); + cell[MAXKTCREALMLEN-1] = 0; + }; if (krb_udp_debug) { printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", -- 2.39.5