[Freeipa-devel] [PATCH] 459 Avoid passing non-terminated string to is_master_host
Martin Kosek
mkosek at redhat.com
Tue Mar 11 15:55:52 UTC 2014
On 03/07/2014 10:21 AM, Alexander Bokovoy wrote:
> On Fri, 07 Mar 2014, Martin Kosek wrote:
>> When string is not terminated, queries with corrupted base may be sent
>> to LDAP:
>>
>> ... cn=ipa1.example.com<garbage>,cn=masters...
>>
>> https://fedorahosted.org/freeipa/ticket/4214
>>
>> --
>> Martin Kosek <mkosek at redhat.com>
>> Supervisor, Software Engineering - Identity Management Team
>> Red Hat Inc.
>
>> From 74bb082c7c286e9911f1a376ed9ce25845857672 Mon Sep 17 00:00:00 2001
>> From: Martin Kosek <mkosek at redhat.com>
>> Date: Fri, 7 Mar 2014 10:06:52 +0100
>> Subject: [PATCH] Avoid passing non-terminated string to is_master_host
>>
>> When string is not terminated, queries with corrupted base may be sent
>> to LDAP:
>>
>> ... cn=ipa1.example.com<garbage>,cn=masters...
>>
>> https://fedorahosted.org/freeipa/ticket/4214
>> ---
>> daemons/ipa-kdb/ipa_kdb_mspac.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
>> index
>> 9137cd5ad1e6166fd5d6e765fab2c8178ca0587c..c1b018cc80402c2c3488487aee1d9709b902c5b4
>> 100644
>> --- a/daemons/ipa-kdb/ipa_kdb_mspac.c
>> +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
>> @@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct
>> ipadb_context *ipactx,
>> }
>>
>> data = krb5_princ_component(ipactx->context, princ, 1);
>> - strres = malloc(data->length);
>> + strres = malloc(data->length+1);
>> if (strres == NULL) {
>> krb5_free_principal(ipactx->kcontext, princ);
>> return ENOENT;
>> }
>>
>> memcpy(strres, data->data, data->length);
>> + strres[data->length] = '\0';
>> krb5_free_principal(ipactx->kcontext, princ);
>>
>> /* Only add PAC to TGT to services on IPA masters to allow querying
> Obvious ACK.
>
Pushed to:
master: 740298d1208e92c264ef5752ac3fe6adf1240790
ipa-3-3: 0430d0eb2b605290e34b9392a902ef2114a2d743
Martin
More information about the Freeipa-devel
mailing list