[krbdev.mit.edu #2024] overwriting memory in krb5_aname_to_localname
Nebergall at MIT.EDU
Mon Nov 24 20:28:57 EST 2003
759: cp is first set to point at the string's null terminator.
761: isspace is run on it in a loop. (The null terminator is not
considered white space, so this does nothing.)
762: cp is incremented to one past the null terminator.
763: Memory after the null terminator is set to an additional null
terminator (ERROR!)
src/lib/krb5/os/an_to_ln.c
755 for (nvalid=0; mapping_values[nvalid]; nvalid++);
756
757 /* Just use the last one. */
758 /* Trim the value. */
759 cp = &mapping_values[nvalid-1]
760 [strlen(mapping_values[nvalid-1])];
761 while (isspace((int) (*cp))) cp--;
762 cp++;
763 *cp = '\0';
From the man page provided in RH 7.3:
isspace()
checks for white-space characters. In the "C" and
"POSIX" locales, these are: space, form-feed
('\f'), newline ('\n'), carriage return ('\r'),
horizontal tab ('\t'), and vertical tab ('\v').
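
The trim described in the report, reproduced as an added example (not code from the original message or from the krb5 source tree): `trim_as_reported` follows the quoted lines 759-763 on a single string, and `trim_fixed` is one possible correction, not the project's patch. `run_case`, the `'X'` canary and the sample strings are constructed here so that the stray write lands inside a test buffer and can be observed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CANARY 'X'   /* constructed marker byte placed after the string */

/* Trim logic as quoted in the report (lines 759-763), for one string. */
static void trim_as_reported(char *value)
{
    char *cp = &value[strlen(value)];    /* 759: points at the NUL */
    while (isspace((int) (*cp))) cp--;   /* 761: NUL is not space, no-op */
    cp++;                                /* 762: one past the NUL */
    *cp = '\0';                          /* 763: write outside the string */
}

/* One possible correction: start from the last character and never
 * write beyond the position of the original terminator. */
static void trim_fixed(char *value)
{
    size_t len = strlen(value);
    while (len > 0 && isspace((unsigned char) value[len - 1]))
        len--;
    value[len] = '\0';
}

/* Copy s into a canary-filled buffer, run trim, and report whether the
 * byte just after the original NUL was modified (1) or not (0).
 * Returns -1 if s does not fit. *out_len receives the resulting length. */
static int run_case(void (*trim)(char *), const char *s, size_t *out_len)
{
    char buf[32];
    size_t n = strlen(s);
    if (n + 2 > sizeof buf)
        return -1;
    memset(buf, CANARY, sizeof buf);
    memcpy(buf, s, n + 1);               /* buf[n] = NUL, buf[n+1] = canary */
    trim(buf);
    *out_len = strlen(buf);
    return buf[n + 1] != CANARY;
}

int main(void)
{
    size_t len;
    int hit = run_case(trim_as_reported, "guest  ", &len);
    printf("reported: clobbered=%d len=%zu\n", hit, len);
    hit = run_case(trim_fixed, "guest  ", &len);
    printf("fixed:    clobbered=%d len=%zu\n", hit, len);
    return 0;
}
```

With the reported logic the trailing spaces are left in place and the byte after the terminator is overwritten; when the string fills its allocation exactly, that byte lies outside the buffer.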