On Fri, 07 Mar 2014, Martin Kosek wrote:
When string is not terminated, queries with corrupted base may be sent
to LDAP:

... cn=ipa1.example.com<garbage>,cn=masters...

https://fedorahosted.org/freeipa/ticket/4214

--
Martin Kosek <mko...@redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.

From 74bb082c7c286e9911f1a376ed9ce25845857672 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 7 Mar 2014 10:06:52 +0100
Subject: [PATCH] Avoid passing non-terminated string to is_master_host

When string is not terminated, queries with corrupted base may be sent
to LDAP:

... cn=ipa1.example.com<garbage>,cn=masters...

https://fedorahosted.org/freeipa/ticket/4214
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 
9137cd5ad1e6166fd5d6e765fab2c8178ca0587c..c1b018cc80402c2c3488487aee1d9709b902c5b4
 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct 
ipadb_context *ipactx,
        }

        data = krb5_princ_component(ipactx->context, princ, 1);
-        strres = malloc(data->length);
+        strres = malloc(data->length+1);
        if (strres == NULL) {
            krb5_free_principal(ipactx->kcontext, princ);
            return ENOENT;
        }

        memcpy(strres, data->data, data->length);
+        strres[data->length] = '\0';
        krb5_free_principal(ipactx->kcontext, princ);

        /* Only add PAC to TGT to services on IPA masters to allow querying
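Review bot: In the allocation path at `strres = malloc(data->length+1);`, the failure branch directly below still returns ENOENT, which reports an out-of-memory condition as a missing entry; returning ENOMEM there would be more accurate while this block is being touched. The added `strres[data->length] = '\0';` writes at the correct index for the enlarged buffer, so the string handed on is now terminated. Two smaller points from the visible lines: the context line `krb5_princ_component(ipactx->context, princ, 1)` names `ipactx->context` while both `krb5_free_principal` calls use `ipactx->kcontext`, which is worth making consistent, and `data->length+1` would read better with spaces around the `+`.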
Obvious ACK.

--
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
