oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Fix string read overrun (fix #1057)

Browse Source
This commit is contained in:
Nicolas Williams
2023-01-03 01:33:37 -06:00
parent cc641edf6b
commit 2e7d996ea9
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/krb5/get_host_realm.c
View File

@@ -185,20 +185,21 @@ _krb5_get_host_realm_int(krb5_context context,
{ {
const char *p, *q; const char *p, *q;
const char *port; const char *port;
char *freeme = NULL;
krb5_boolean dns_locate_enable; krb5_boolean dns_locate_enable;
krb5_error_code ret = 0; krb5_error_code ret = 0;
/* Strip off any trailing ":port" suffix. */ /* Strip off any trailing ":port" suffix. */
port = strchr(host, ':'); port = strchr(host, ':');
if (port != NULL) { if (port != NULL && port != host && port[1] != '\0') {
host = strndup(host, port - host); host = freeme = strndup(host, port - host);
if (host == NULL) if (host == NULL)
return krb5_enomem(context); return krb5_enomem(context);
} }
dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE, dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
"libdefaults", "dns_lookup_realm", NULL); "libdefaults", "dns_lookup_realm", NULL);
for (p = host; p != NULL; p = strchr (p + 1, '.')) { for (p = host; p != NULL && p[0] != '\0'; p = strchr (p + 1, '.')) {
if (config_find_realm(context, p, realms) == 0) { if (config_find_realm(context, p, realms) == 0) {
if (strcasecmp(*realms[0], "dns_locate") != 0) if (strcasecmp(*realms[0], "dns_locate") != 0)
break; break;
@@ -246,9 +247,7 @@ _krb5_get_host_realm_int(krb5_context context,
} }
} }
/* If 'port' is not NULL, we have a copy of 'host' to free. */ free(freeme);
if (port)
free((void *)host);
return ret; return ret;
} }