oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

lib/krb5: unparse_name_fixed error if invalid name buffer or length

Browse Source 
If the output 'name' buffer is NULL or length is zero, there is
no place to unparse the principal name to.  Fail with EINVAL and
if possible set an error message on the krb5_context.

This avoids potential NULL pointer dereferences.

Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
This commit is contained in:
Jeffrey Altman
2022-01-20 09:27:59 -05:00
parent 8836e6a39d
commit 8324a2af1d
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/krb5/principal.c
View File

@@ -457,8 +457,14 @@ unparse_name_fixed(krb5_context context,
int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
if (name && len)
name[0] = '\0';
if (name == NULL || len == 0) {
krb5_set_error_message(context, EINVAL,
N_("Invalid name buffer or length, "
"can't unparse", ""));
return EINVAL;
}
name[0] = '\0';
if (!no_realm && princ_realm(principal) == NULL) {
krb5_set_error_message(context, ERANGE,