MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname

Bill Dodd bdodd at austin.ibm.com
Wed Jun 2 15:45:05 EDT 2004


In the 3rd hunk of this patch, the lines:

            if (!doall)
                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));

were changed to:

            if (!doall)
                use_bytes(strlen(cp));
                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));

I assume that should be:

            if (!doall) {
                use_bytes(strlen(cp));
                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
            }

-bill
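The control-flow difference discussed in the message above, as an added example that is not part of the original post or of the MIT patch: without braces only use_bytes() is guarded by the if, so strncpy() runs even when doall is set and no bytes are counted for it. GCC's -Wmisleading-indentation warning (enabled by -Wall since GCC 6) reports this pattern. The use_bytes() body, the value of MAX_FORMAT_BUFFER and the sample string are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FORMAT_BUFFER 1024   /* assumed value, for illustration only */

/* Hypothetical stand-in for the patch's use_bytes(): it only counts bytes. */
static size_t used;
static void use_bytes(size_t n) { used += n; }

/* Control flow as quoted from the patch: only use_bytes() is guarded. */
static size_t copy_as_posted(char *out, const char *cp, int doall)
{
    char *op = out;
    used = 0;
    if (!doall)
        use_bytes(strlen(cp));
        strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
    return strlen(out);
}

/* Control flow with the braces proposed in the message. */
static size_t copy_braced(char *out, const char *cp, int doall)
{
    char *op = out;
    used = 0;
    if (!doall) {
        use_bytes(strlen(cp));
        strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
    }
    return strlen(out);
}

int main(void)
{
    const char *cp = "constructed-sample";   /* constructed input */
    for (int doall = 0; doall <= 1; doall++) {
        /* Zero-filled buffers so strlen() is 0 when nothing is copied. */
        char a[MAX_FORMAT_BUFFER] = {0}, b[MAX_FORMAT_BUFFER] = {0};
        size_t la = copy_as_posted(a, cp, doall);
        size_t ua = used;
        size_t lb = copy_braced(b, cp, doall);
        printf("doall=%d posted: copied=%zu counted=%zu | "
               "braced: copied=%zu counted=%zu\n", doall, la, ua, lb, used);
    }
    return 0;
}
```

The two variants agree when doall is 0 and diverge when it is 1, where the unbraced form copies data that was never counted.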

