From 25a7b258ea73958113249abcccaf3e519025e32a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 12 Nov 2008 04:19:52 +0000
Subject: [PATCH] make sure we dont print off the end of the gss_buffer_t, they
 are defined to not included NULL, in heimdal they are but thats an
 implementation detail, dont teach people about that. From: Christian Krause

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24035 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/ftp/ftp/gssapi.c       | 14 ++++++++++----
 appl/popper/auth_gssapi.c   |  7 ++++++-
 appl/telnet/libtelnet/spx.c | 12 ++++++++----
 appl/test/nt_gss_common.c   |  4 +++-
 lib/gssapi/krb5/test_cred.c |  3 ++-
 lib/gssapi/krb5/test_oid.c  |  3 +--
 lib/gssapi/test_cred.c      |  3 ++-
 lib/gssapi/test_names.c     |  3 ++-
 lib/gssapi/test_oid.c       |  4 ++--
 9 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/appl/ftp/ftp/gssapi.c b/appl/ftp/ftp/gssapi.c
index ae4f72fe8..6d097fb17 100644
--- a/appl/ftp/ftp/gssapi.c
+++ b/appl/ftp/ftp/gssapi.c
@@ -265,7 +265,8 @@ gss_adat(void *app_data, void *buf, size_t len)
 			   GSS_C_NO_OID,
 			   &msg_ctx,
 			   &status_string);
-	syslog(LOG_ERR, "gss_accept_sec_context: %s",
+	syslog(LOG_ERR, "gss_accept_sec_context: %.*s",
+	       (int)status_string.length,
 	       (char*)status_string.value);
 	gss_release_buffer(&new_stat, &status_string);
 	reply(431, "Security resource unavailable");
@@ -331,8 +332,10 @@ import_name(const char *kname, const char *host, gss_name_t *target_name)
 			   GSS_C_NO_OID,
 			   &msg_ctx,
 			   &status_string);
-	printf("Error importing name %s: %s\n",
+	printf("Error importing name %.*s: %.*s\n",
+	       (int)name.length,
 	       (char *)name.value,
+	       (int)status_string.length,
 	       (char *)status_string.value);
 	free(name.value);
 	gss_release_buffer(&new_stat, &status_string);
@@ -427,7 +430,8 @@ gss_auth(void *app_data, char *host)
 			       GSS_C_NO_OID,
 			       &msg_ctx,
 			       &status_string);
-	    printf("Error initializing security context: %s\n",
+	    printf("Error initializing security context: %.*s\n",
+		   (int)status_string.length,
 		   (char*)status_string.value);
 	    gss_release_buffer(&new_stat, &status_string);
 	    return AUTH_CONTINUE;
@@ -501,7 +505,9 @@ gss_auth(void *app_data, char *host)
 					 &name,
 					 NULL);
 	    if (GSS_ERROR(maj_stat) == 0) {
-		printf("Authenticated to <%s>\n", (char *)name.value);
+		printf("Authenticated to <%.*s>\n",
+			(int)name.length,
+			(char *)name.value);
 		gss_release_buffer(&min_stat, &name);
 	    }
 	    gss_release_name(&min_stat, &targ_name);
diff --git a/appl/popper/auth_gssapi.c b/appl/popper/auth_gssapi.c
index 5a88800fe..6763d13e8 100644
--- a/appl/popper/auth_gssapi.c
+++ b/appl/popper/auth_gssapi.c
@@ -58,13 +58,18 @@ gss_set_error (struct gss_state *gs, int min_stat)
     OM_uint32 ret;
 
     do {
+	char * cstr;
+
 	ret = gss_display_status (&new_stat,
 				  min_stat,
 				  GSS_C_MECH_CODE,
 				  gs->mech_oid,
 				  &msg_ctx,
 				  &status_string);
-	pop_auth_set_error(status_string.value);
+	asprintf(&cstr, "%.*s", (int)status_string.length,
+		 (const char *)status_string.value);
+	pop_auth_set_error(cstr);
+	free(cstr);
 	gss_release_buffer (&new_stat, &status_string);
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
 }
diff --git a/appl/telnet/libtelnet/spx.c b/appl/telnet/libtelnet/spx.c
index c43c4ceb2..8672c5b4c 100644
--- a/appl/telnet/libtelnet/spx.c
+++ b/appl/telnet/libtelnet/spx.c
@@ -237,7 +237,9 @@ spx_send(ap)
 					&output_name_buffer,
 					&output_name_type);
 
-	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
+	printf("target is '%.*s'\n", (int)output_name_buffer.length,
+					(char*)output_name_buffer.value);
+	fflush(stdout);
 
 	major_status = gss_release_buffer(&status, &output_name_buffer);
 
@@ -290,7 +292,8 @@ spx_send(ap)
 				GSS_C_NULL_OID,
 				&msg_ctx,
 				&status_string);
-	  printf("%s\n", status_string.value);
+	  printf("%.*s\n", (int)status_string.length,
+				(char*)status_string.value);
 	  return(0);
 	}
 
@@ -457,8 +460,9 @@ spx_reply(ap, data, cnt)
 					GSS_C_NULL_OID,
 					&msg_ctx,
 					&status_string);
-		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
-			 status_string.value);
+		    printf("[ SPX mutual response fails ... '%.*s' ]\r\n",
+			 (int)status_string.length,
+			 (char*)status_string.value);
 		    auth_send_retry();
 		    return;
 		  }
diff --git a/appl/test/nt_gss_common.c b/appl/test/nt_gss_common.c
index 7ffd23f93..ce8502fb8 100644
--- a/appl/test/nt_gss_common.c
+++ b/appl/test/nt_gss_common.c
@@ -107,7 +107,9 @@ gss_print_errors (int min_stat)
 				  GSS_C_NO_OID,
 				  &msg_ctx,
 				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
+	fprintf (stderr, "%.*s\n", 
+		(int)status_string.length,
+		(char *)status_string.value);
 	gss_release_buffer (&new_stat, &status_string);
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
 }
diff --git a/lib/gssapi/krb5/test_cred.c b/lib/gssapi/krb5/test_cred.c
index 3c42e03cf..420c2a8a1 100644
--- a/lib/gssapi/krb5/test_cred.c
+++ b/lib/gssapi/krb5/test_cred.c
@@ -52,7 +52,8 @@ gss_print_errors (int min_stat)
 				  GSS_C_NO_OID,
 				  &msg_ctx,
 				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
+	fprintf (stderr, "%.*s\n", (int)status_string.legnth,
+				(char *)status_string.value);
 	gss_release_buffer (&new_stat, &status_string);
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
 }
diff --git a/lib/gssapi/krb5/test_oid.c b/lib/gssapi/krb5/test_oid.c
index eb38b92ba..f60954a5d 100644
--- a/lib/gssapi/krb5/test_oid.c
+++ b/lib/gssapi/krb5/test_oid.c
@@ -45,8 +45,7 @@ main(int argc, char **argv)
     maj_stat = gss_oid_to_str(&minor_status, GSS_KRB5_MECHANISM, &data);
     if (GSS_ERROR(maj_stat))
 	errx(1, "gss_oid_to_str failed");
-
-    ret = strcmp(data.value, "1 2 840 113554 1 2 2");
+    ret = strncmp(data.value, "1 2 840 113554 1 2 2", data.length);
     gss_release_buffer(&maj_stat, &data);
     if (ret)
 	return 1;
diff --git a/lib/gssapi/test_cred.c b/lib/gssapi/test_cred.c
index 0a0bd03c1..1551627c3 100644
--- a/lib/gssapi/test_cred.c
+++ b/lib/gssapi/test_cred.c
@@ -62,7 +62,8 @@ gss_print_errors (int min_stat)
 				  &msg_ctx,
 				  &status_string);
 	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
+	    fprintf (stderr, "%.*s\n", (int)status_string.value,
+					(char *)status_string.value);
 	    gss_release_buffer (&new_stat, &status_string);
 	}
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
diff --git a/lib/gssapi/test_names.c b/lib/gssapi/test_names.c
index 0bfff6130..68beafa5a 100644
--- a/lib/gssapi/test_names.c
+++ b/lib/gssapi/test_names.c
@@ -62,7 +62,8 @@ gss_print_errors (int min_stat)
 				  &msg_ctx,
 				  &status_string);
 	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
+	    fprintf (stderr, "%.*s\n", (int)status_string.length,
+					(char *)status_string.value);
 	    gss_release_buffer (&new_stat, &status_string);
 	}
     } while (!GSS_ERROR(ret) && msg_ctx != 0);
diff --git a/lib/gssapi/test_oid.c b/lib/gssapi/test_oid.c
index 50fbbc871..68eb2679f 100644
--- a/lib/gssapi/test_oid.c
+++ b/lib/gssapi/test_oid.c
@@ -53,7 +53,7 @@ main(int argc, char **argv)
     if (GSS_ERROR(maj_stat))
 	errx(1, "gss_oid_to_str failed");
 
-    ret = strcmp(data.value, "1 2 840 113554 1 2 2");
+    ret = strncmp(data.value, "1 2 840 113554 1 2 2", data.length);
     gss_release_buffer(&maj_stat, &data);
     if (ret)
 	return 1;
@@ -62,7 +62,7 @@ main(int argc, char **argv)
     if (GSS_ERROR(maj_stat))
 	errx(1, "gss_oid_to_str failed");
 
-    ret = strcmp(data.value, "1 3 6 1 5 6 4");
+    ret = strnncmp(data.value, "1 3 6 1 5 6 4", data.length);
     gss_release_buffer(&maj_stat, &data);
     if (ret)
 	return 1;