On 03/07/2014 10:21 AM, Alexander Bokovoy wrote: > On Fri, 07 Mar 2014, Martin Kosek wrote: >> When string is not terminated, queries with corrupted base may be sent >> to LDAP: >> >> ... cn=ipa1.example.com<garbage>,cn=masters... >> >> https://fedorahosted.org/freeipa/ticket/4214 >> >> -- >> Martin Kosek <[email protected]> >> Supervisor, Software Engineering - Identity Management Team >> Red Hat Inc. > >> From 74bb082c7c286e9911f1a376ed9ce25845857672 Mon Sep 17 00:00:00 2001 >> From: Martin Kosek <[email protected]> >> Date: Fri, 7 Mar 2014 10:06:52 +0100 >> Subject: [PATCH] Avoid passing non-terminated string to is_master_host >> >> When string is not terminated, queries with corrupted base may be sent >> to LDAP: >> >> ... cn=ipa1.example.com<garbage>,cn=masters... >> >> https://fedorahosted.org/freeipa/ticket/4214 >> --- >> daemons/ipa-kdb/ipa_kdb_mspac.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c >> b/daemons/ipa-kdb/ipa_kdb_mspac.c >> index >> 9137cd5ad1e6166fd5d6e765fab2c8178ca0587c..c1b018cc80402c2c3488487aee1d9709b902c5b4 >> 100644 >> --- a/daemons/ipa-kdb/ipa_kdb_mspac.c >> +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c >> @@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct >> ipadb_context *ipactx, >> } >> >> data = krb5_princ_component(ipactx->context, princ, 1); >> - strres = malloc(data->length); >> + strres = malloc(data->length+1); >> if (strres == NULL) { >> krb5_free_principal(ipactx->kcontext, princ); >> return ENOENT; >> } >> >> memcpy(strres, data->data, data->length); >> + strres[data->length] = '\0'; >> krb5_free_principal(ipactx->kcontext, princ); >> >> /* Only add PAC to TGT to services on IPA masters to allow querying > Obvious ACK. >
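Review bot: the `if (strres == NULL)` branch directly after the enlarged `malloc(data->length+1)` still returns ENOENT, so an allocation failure is reported with a not-found error code; returning ENOMEM there would keep the two conditions distinguishable. In the same hunk, `krb5_princ_component(ipactx->context, princ, 1)` names `ipactx->context` while both `krb5_free_principal` calls use `ipactx->kcontext`, which is worth making consistent while these lines are being touched. Once `strres[data->length] = '\0'` is in place the component is handled as a C string, so a component with an embedded NUL byte would be silently shortened before it reaches is_master_host; a check on the copied length, or a comment stating that assumption, would make that explicit.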
Pushed to:
master: 740298d1208e92c264ef5752ac3fe6adf1240790
ipa-3-3: 0430d0eb2b605290e34b9392a902ef2114a2d743

Martin
