oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(display_tokens): increase token buffer size, and add more checks of

Browse Source 
the kernel data (from Love)


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11143 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2002-08-20 09:05:18 +00:00
parent 1716e20e59
commit 93c3f541eb
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
kuser/klist.c
View File

@@ -475,7 +475,7 @@ static void
display_tokens(int do_verbose) display_tokens(int do_verbose)
{ {
u_int32_t i; u_int32_t i;
unsigned char t[128]; unsigned char t[4096];
struct ViceIoctl parms; struct ViceIoctl parms;
parms.in = (void *)&i; parms.in = (void *)&i;
@@ -496,11 +496,20 @@ display_tokens(int do_verbose)
break; break;
continue; continue;
} }
if(parms.out_size >= sizeof(t))
continue;
if(parms.out_size < sizeof(size_secret_tok))
continue;
t[parms.out_size] = 0;
memcpy(&size_secret_tok, r, sizeof(size_secret_tok)); memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
/* dont bother about the secret token */ /* dont bother about the secret token */
r += size_secret_tok + sizeof(size_secret_tok); r += size_secret_tok + sizeof(size_secret_tok);
if (parms.out_size < (r - t) + sizeof(size_public_tok))
continue;
memcpy(&size_public_tok, r, sizeof(size_public_tok)); memcpy(&size_public_tok, r, sizeof(size_public_tok));
r += sizeof(size_public_tok); r += sizeof(size_public_tok);
if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
continue;
memcpy(&ct, r, size_public_tok); memcpy(&ct, r, size_public_tok);
r += size_public_tok; r += size_public_tok;
/* there is a int32_t with length of cellname, but we dont read it */ /* there is a int32_t with length of cellname, but we dont read it */