diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-06-13 05:14:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:53:17 -0500 |
commit | f7110d928afd61cee203d07fd85968af993a327f (patch) | |
tree | 292cc7b845553e9b2c4be6649d8a9c5881b9e3f4 /source4/auth/gensec | |
parent | ac00b6517e08977f44e7a3b106b97b899881d6aa (diff) | |
download | samba-f7110d928afd61cee203d07fd85968af993a327f.tar.gz samba-f7110d928afd61cee203d07fd85968af993a327f.tar.bz2 samba-f7110d928afd61cee203d07fd85968af993a327f.zip |
r23455: These buffers may not be null terminated. Ensure we don't run past the
end of teh buffer printing the error strings.
Andrew Bartlett
(This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 5596949eda..8a629405da 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -87,18 +87,29 @@ static char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 disp_min_stat, disp_maj_stat; gss_buffer_desc maj_error_message; gss_buffer_desc min_error_message; + char *maj_error_string, *min_error_string; OM_uint32 msg_ctx = 0; char *ret; maj_error_message.value = NULL; min_error_message.value = NULL; + maj_error_message.length = 0; + min_error_message.length = 0; disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE, mech, &msg_ctx, &maj_error_message); disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE, mech, &msg_ctx, &min_error_message); - ret = talloc_asprintf(mem_ctx, "%s: %s", (char *)maj_error_message.value, (char *)min_error_message.value); + + maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length); + + min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length); + + ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string); + + talloc_free(maj_error_string); + talloc_free(min_error_string); gss_release_buffer(&disp_min_stat, &maj_error_message); gss_release_buffer(&disp_min_stat, &min_error_message); |