krb5 commit: Clean up default_an_to_ln and fix a minor leak
Greg Hudson
ghudson at MIT.EDU
Fri Jun 8 18:48:54 EDT 2012
https://github.com/krb5/krb5/commit/cf520a2d2ed60360f6bad145ef749a10723bc4da
commit cf520a2d2ed60360f6bad145ef749a10723bc4da
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Jun 8 18:40:22 2012 -0400
Clean up default_an_to_ln and fix a minor leak
The default realm could be leaked if the principal had the wrong
number of components. Reported by Russ Allbery.
ticket: 7161
src/lib/krb5/os/an_to_ln.c | 58 +++++++++++++++++--------------------------
1 files changed, 23 insertions(+), 35 deletions(-)
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index a5846c7..8108f34 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -599,46 +599,34 @@ cleanup:
* that name is returned as the lname.
*/
static krb5_error_code
-default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigned int lnsize, char *lname)
+default_an_to_ln(krb5_context context, krb5_const_principal aname,
+ const unsigned int lnsize, char *lname)
{
- krb5_error_code retval;
+ krb5_error_code ret;
char *def_realm;
- unsigned int realm_length;
-
- realm_length = krb5_princ_realm(context, aname)->length;
-
- if ((retval = krb5_get_default_realm(context, &def_realm))) {
- return(retval);
- }
- if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
- free(def_realm);
- return KRB5_LNAME_NOTRANS;
- }
- if (krb5_princ_size(context, aname) != 1) {
- if (krb5_princ_size(context, aname) == 2 ) {
- /* Check to see if 2nd component is the local realm. */
- if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
- realm_length) ||
- realm_length != krb5_princ_component(context, aname,1)->length)
- return KRB5_LNAME_NOTRANS;
- }
- else
- /* no components or more than one component to non-realm part of name
- --no translation. */
- return KRB5_LNAME_NOTRANS;
+ ret = krb5_get_default_realm(context, &def_realm);
+ if (ret)
+ return ret;
+
+ if (!data_eq_string(aname->realm, def_realm)) {
+ ret = KRB5_LNAME_NOTRANS;
+ } else if (aname->length == 2) {
+ /* Check to see if second component is the local realm. */
+ if (!data_eq_string(aname->data[1], def_realm))
+ ret = KRB5_LNAME_NOTRANS;
+ } else if (aname->length != 1) {
+ ret = KRB5_LNAME_NOTRANS;
}
-
free(def_realm);
- strncpy(lname, krb5_princ_component(context, aname,0)->data,
- min(krb5_princ_component(context, aname,0)->length,lnsize));
- if (lnsize <= krb5_princ_component(context, aname,0)->length ) {
- retval = KRB5_CONFIG_NOTENUFSPACE;
- } else {
- lname[krb5_princ_component(context, aname,0)->length] = '\0';
- retval = 0;
- }
- return retval;
+ if (ret)
+ return ret;
+
+ if (aname->data[0].length >= lnsize)
+ return KRB5_CONFIG_NOTENUFSPACE;
+ memcpy(lname, aname->data[0].data, aname->data[0].length);
+ lname[aname->data[0].length] = '\0';
+ return 0;
}
/*
More information about the cvs-krb5
mailing list