From 93c3f541ebdb5b53f23830b24ba29fd8feab2b19 Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Tue, 20 Aug 2002 09:05:18 +0000
Subject: [PATCH] (display_tokens): increase token buffer size, and add more checks of the kernel data (from Love)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11143 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kuser/klist.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/kuser/klist.c b/kuser/klist.c
index 2ec7bbf40..a06666787 100644
--- a/kuser/klist.c
+++ b/kuser/klist.c
@@ -475,7 +475,7 @@ static void
 display_tokens(int do_verbose)
 {
 u_int32_t i;
- unsigned char t[128];
+ unsigned char t[4096];
 struct ViceIoctl parms;
 parms.in = (void *)&i;
@@ -496,11 +496,20 @@ display_tokens(int do_verbose)
 break;
 continue;
 }
+ if(parms.out_size >= sizeof(t))
+ continue;
+ if(parms.out_size < sizeof(size_secret_tok))
+ continue;
+ t[parms.out_size] = 0;
 memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
 /* dont bother about the secret token */
 r += size_secret_tok + sizeof(size_secret_tok);
+ if (parms.out_size < (r - t) + sizeof(size_public_tok))
+ continue;
 memcpy(&size_public_tok, r, sizeof(size_public_tok));
 r += sizeof(size_public_tok);
+ if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
+ continue;
 memcpy(&ct, r, size_public_tok);
 r += size_public_tok;
 /* there is a int32_t with length of cellname, but we dont read it */
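Review bot: The `memcpy(&ct, r, size_public_tok)` at the end of the second hunk is still bounded only on the source side: the new check compares `size_public_tok` with `parms.out_size` but never with `sizeof(ct)`, and now that the first hunk raises `t` to 4096 bytes, a kernel-supplied length larger than the token structure would write past `ct` on the stack. A destination check placed just before the copy closes this, for example `if ((size_t)size_public_tok > sizeof(ct)) continue;`; the cast would also reject a negative length if the size variables turn out to be signed. The declarations of `ct`, `r`, `size_secret_tok` and `size_public_tok`, and the loop that encloses this code, lie outside the hunk, so their types should be confirmed against the full function.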
@@ -509,19 +518,19 @@ display_tokens(int do_verbose)
 gettimeofday (&tv, NULL);
 strlcpy (buf1, printable_time(ct.BeginTimestamp),
- sizeof(buf1));
+ sizeof(buf1));
 if (do_verbose || tv.tv_sec < ct.EndTimestamp)
 strlcpy (buf2, printable_time(ct.EndTimestamp),
- sizeof(buf2));
+ sizeof(buf2));
 else
 strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
 printf("%s %s ", buf1, buf2);
 if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
- printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+ printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
 else
- printf("Tokens for %s", cell);
+ printf("Tokens for %s", cell);
 if (do_verbose)
 printf(" (%d)", ct.AuthHandle);
 putchar('\n');