From 12afd9c4b76ba11952b63e8bf7059a1f30b2a964 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Fri, 28 Apr 2017 11:24:00 -0400 Subject: [PATCH] include field separators in comparison When comparing the first component of a multi-component string that uses a field separator (e.g., '/' or ':'), be sure to include the separator in the comparison to ensure that the comparison does not succeed due to a prefix match. Change-Id: Ieec3e73cb015a83bb652ec11cd7d83e57755c3d2 --- kdc/hpropd.c | 2 +- lib/hx509/hxtool.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kdc/hpropd.c b/kdc/hpropd.c index a931d7f68..fcd200dcf 100644 --- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -176,7 +176,7 @@ main(int argc, char **argv) ret = krb5_unparse_name(context, ticket->server, &server); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); - if (strncmp(server, "hprop/", 5) != 0) + if (strncmp(server, "hprop/", 6) != 0) krb5_errx(context, 1, "ticket not for hprop (%s)", server); free(server); diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c index 0a7048bdf..e686a6080 100644 --- a/lib/hx509/hxtool.c +++ b/lib/hx509/hxtool.c @@ -944,7 +944,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) if (ret) errx(1, "hx509_revoke_add_crl: %s: %d", s, ret); - } else if (strncmp(s, "ocsp:", 4) == 0) { + } else if (strncmp(s, "ocsp:", 5) == 0) { s += 5; ret = hx509_revoke_add_ocsp(context, revoke_ctx, s); @@ -1155,7 +1155,7 @@ revoke_print(struct revoke_print_options *opt, int argc, char **argv) if (ret) errx(1, "hx509_revoke_add_crl: %s: %d", s, ret); - } else if (strncmp(s, "ocsp:", 4) == 0) { + } else if (strncmp(s, "ocsp:", 5) == 0) { s += 5; ret = hx509_revoke_add_ocsp(context, revoke_ctx, s);