[Freeipa-devel] [PATCH] 459 Avoid passing non-terminated string to is_master_host

Anthony Messina amessina at messinet.com
Tue Mar 11 16:00:16 UTC 2014


On Tuesday, March 11, 2014 04:55:52 PM Martin Kosek wrote:
> On 03/07/2014 10:21 AM, Alexander Bokovoy wrote:
> > On Fri, 07 Mar 2014, Martin Kosek wrote:
> >> When string is not terminated, queries with corrupted base may be sent
> >> to LDAP:
> >> 
> >> ... cn=ipa1.example.com<garbage>,cn=masters...
> >> 
> >> https://fedorahosted.org/freeipa/ticket/4214
> >> 
> >> -- 
> >> Martin Kosek <mkosek at redhat.com>
> >> Supervisor, Software Engineering - Identity Management Team
> >> Red Hat Inc.
> >
> > 
> >
> >> From 74bb082c7c286e9911f1a376ed9ce25845857672 Mon Sep 17 00:00:00 2001
> >> From: Martin Kosek <mkosek at redhat.com>
> >> Date: Fri, 7 Mar 2014 10:06:52 +0100
> >> Subject: [PATCH] Avoid passing non-terminated string to is_master_host
> >> 
> >> When string is not terminated, queries with corrupted base may be sent
> >> to LDAP:
> >> 
> >> ... cn=ipa1.example.com<garbage>,cn=masters...
> >> 
> >> https://fedorahosted.org/freeipa/ticket/4214
> >> ---
> >> daemons/ipa-kdb/ipa_kdb_mspac.c | 3 ++-
> >> 1 file changed, 2 insertions(+), 1 deletion(-)
> >> 
> >> diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c
> >> b/daemons/ipa-kdb/ipa_kdb_mspac.c index
> >> 9137cd5ad1e6166fd5d6e765fab2c8178ca0587c..c1b018cc80402c2c3488487aee1d970
> >> 9b902c5b4 100644
> >> --- a/daemons/ipa-kdb/ipa_kdb_mspac.c
> >> +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
> >> @@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct
> >> ipadb_context *ipactx,
> >>
> >>         }
> >>
> >>         data = krb5_princ_component(ipactx->context, princ, 1);
> >>
> >> -        strres = malloc(data->length);
> >> +        strres = malloc(data->length+1);
> >>
> >>         if (strres == NULL) {
> >>             krb5_free_principal(ipactx->kcontext, princ);
> >>             return ENOENT;
> >>         }
> >>
> >>         memcpy(strres, data->data, data->length);
> >>
> >> +        strres[data->length] = '\0';
> >>
> >>         krb5_free_principal(ipactx->kcontext, princ);
> >>
> >>         /* Only add PAC to TGT to services on IPA masters to allow
> >>querying>>
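Review bot: In the allocation-failure branch that follows `strres = malloc(data->length+1);`, the function returns ENOENT, which reports an out-of-memory condition as "not found"; ENOMEM would let callers and logs tell the two apart. The malloc / memcpy / `strres[data->length] = '\0';` sequence could also be a single `strndup(data->data, data->length)`, which sizes the buffer and terminates it in one call, so the allocation size and the terminator index cannot drift apart again. The visible context shows no NULL check on `data` before `data->length` is read; if nothing above the hunk guarantees the principal has a second component, that dereference needs a guard. A short comment noting that `data->data` is a counted buffer and not a C string would help the next reader.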
> > Obvious ACK.
> >
> > 
> 
> Pushed to:
> master: 740298d1208e92c264ef5752ac3fe6adf1240790
> ipa-3-3: 0430d0eb2b605290e34b9392a902ef2114a2d743
> 
> Martin

Thank you guys.  -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E