git: d7e8666ffb99 - main - heimdal: The version string must always contain a terminating NUL

Thu, 24 Nov 2022 09:26:50 -0800 

The branch main has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d7e8666ffb9967a92709a2d2ded4d31568ab1473

commit d7e8666ffb9967a92709a2d2ded4d31568ab1473
Author:     Cy Schubert <[email protected]>
AuthorDate: 2022-11-21 15:33:08 +0000
Commit:     Cy Schubert <[email protected]>
CommitDate: 2022-11-24 17:21:13 +0000

    heimdal: The version string must always contain a terminating NUL
    
    Should the sender send a string without a terminating NUL, ensure that
    the NUL terminates the string regardless.
    
    And while at it only process the version string when bytes are returned.
    
    PR:             267884
    Reported by:    Robert Morris <[email protected]>
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D37471
---
 crypto/heimdal/lib/krb5/recvauth.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/crypto/heimdal/lib/krb5/recvauth.c 
b/crypto/heimdal/lib/krb5/recvauth.c
index 78e98a10fc1b..b63b28628395 100644
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ b/crypto/heimdal/lib/krb5/recvauth.c
@@ -75,7 +75,7 @@ krb5_recvauth_match_version(krb5_context context,
     const char *version = KRB5_SENDAUTH_VERSION;
     char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
     char *her_appl_version;
-    uint32_t len;
+    uint32_t len, bytes;
     u_char repl;
     krb5_data data;
     krb5_flags ap_options;
@@ -139,15 +139,21 @@ krb5_recvauth_match_version(krb5_context context,
                               N_("malloc: out of memory", ""));
        return ENOMEM;
     }
-    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
-       || !(*match_appl_version)(match_data, her_appl_version)) {
-       repl = 2;
-       krb5_net_write (context, p_fd, &repl, 1);
-       krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
-                              N_("wrong sendauth version (%s)", ""),
-                              her_appl_version);
-       free (her_appl_version);
-       return KRB5_SENDAUTH_BADAPPLVERS;
+    if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) {
+       /* PR/267884: String read must always conatain a terminating NUL */
+       if (strnlen(her_appl_version, len) == len)
+               her_appl_version[len-1] = '\0';
+
+           if (bytes != len ||
+               !(*match_appl_version)(match_data, her_appl_version)) {
+               repl = 2;
+               krb5_net_write (context, p_fd, &repl, 1);
+               krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
+                                      N_("wrong sendauth version (%s)", ""),
+                                      her_appl_version);
+               free (her_appl_version);
+               return KRB5_SENDAUTH_BADAPPLVERS;
+           }
     }
     free (her_appl_version);

Reply via email to