[krbdev.mit.edu #7524] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Jan 1 18:02:33 EST 2013
Fix gss_str_to_oid and gss_oid_to_str edge cases
Neither function correctly handled OIDs whose second arc exceeds 47
(theoretically possible if the first arc is 2). gss_str_to_oid had
additional problems: it used scanf, it didn't consistently protect
against read overrun if the input buffer wasn't null-terminated, and
it could get confused by + or - characters in the first two arcs. Fix
gss_oid_to_str and rewrite gss_str_to_oid.
Also add a test program.
https://github.com/krb5/krb5/commit/9b702abe222d4b279d5869f96f09074452478b1e
Author: Greg Hudson <ghudson at mit.edu>
Commit: 9b702abe222d4b279d5869f96f09074452478b1e
Branch: master
.gitignore | 1 +
src/lib/gssapi/generic/oid_ops.c | 246 +++++++++++++++++++-------------------
src/tests/gssapi/Makefile.in | 9 +-
src/tests/gssapi/t_oid.c | 221 ++++++++++++++++++++++++++++++++++
4 files changed, 350 insertions(+), 127 deletions(-)
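
The edge cases named in the commit message, shown as an added example that is not the krb5 code: a length-bounded encoder from dotted-decimal text to DER content bytes that does not use scanf. Arcs 1 and 2 share the first subidentifier (40*arc1 + arc2), so 2.48 and above need more than one byte. The function names and the dotted-only input syntax are assumptions of this example.

```c
#include <limits.h>
#include <stddef.h>

/* Parse one decimal arc from [*p, end); digits only, so '+' and '-' fail. */
static int get_arc(const char **p, const char *end, unsigned long *out)
{
    unsigned long v = 0;
    const char *s = *p;
    if (s == end || *s < '0' || *s > '9')
        return -1;
    for (; s < end && *s >= '0' && *s <= '9'; s++) {
        if (v > (ULONG_MAX - 9) / 10)   /* conservative overflow guard */
            return -1;
        v = v * 10 + (unsigned long)(*s - '0');
    }
    *p = s;
    *out = v;
    return 0;
}

/* Append v in base 128, high bit set on every byte except the last. */
static int put_arc(unsigned long v, unsigned char *out, size_t cap, size_t *n)
{
    size_t nb = 1, i;
    unsigned long t;
    for (t = v >> 7; t != 0; t >>= 7)
        nb++;
    if (cap - *n < nb)
        return -1;
    for (i = nb; i-- > 0; v >>= 7)
        out[*n + i] = (unsigned char)((v & 0x7f) | (i + 1 < nb ? 0x80 : 0));
    *n += nb;
    return 0;
}

/* Hypothetical helper (not krb5 code): encode s[0..len); returns length or -1. */
long oid_str_to_der(const char *s, size_t len, unsigned char *out, size_t cap)
{
    const char *p = s, *end = s + len;   /* never reads at or past end */
    unsigned long a1, a2, v;
    size_t n = 0;
    if (get_arc(&p, end, &a1) || p == end || *p++ != '.' ||
        get_arc(&p, end, &a2) || a1 > 2 || (a1 < 2 && a2 > 39) ||
        a2 > ULONG_MAX - 80 || put_arc(a1 * 40 + a2, out, cap, &n))
        return -1;
    while (p < end)
        if (*p++ != '.' || get_arc(&p, end, &v) || put_arc(v, out, cap, &n))
            return -1;
    return (long)n;
}
```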