diff options
author | Conrad Meyer <cem@FreeBSD.org> | 2016-04-20 04:45:23 +0000 |
---|---|---|
committer | Conrad Meyer <cem@FreeBSD.org> | 2016-04-20 04:45:23 +0000 |
commit | e3081f7e3e2de4b5678d3defe12f349e0f412b84 (patch) | |
tree | 0d2987cb6ee573c4f821af2278d8bc80e063bf32 /sys/rpc | |
parent | 1a7dfcc5a365f4439eb5cd44f3d0e38d44be15ae (diff) | |
download | src-e3081f7e3e2de4b5678d3defe12f349e0f412b84.tar.gz src-e3081f7e3e2de4b5678d3defe12f349e0f412b84.zip |
kgssapi(4): Fix string overrun in Kerberos principal construction
'buf.value' was previously treated as a nul-terminated string, but only
allocated with strlen() space. Rectify this.
Reported by: Coverity
CID: 1007639
Sponsored by: EMC / Isilon Storage Division
Notes
Notes:
svn path=/head/; revision=298336
Diffstat (limited to 'sys/rpc')
-rw-r--r-- | sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index b3a920aafaf0..1d07943814f5 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -331,7 +331,7 @@ rpc_gss_get_principal_name(rpc_gss_principal_t *principal, * Construct a gss_buffer containing the full name formatted * as "name/node@domain" where node and domain are optional. */ - namelen = strlen(name); + namelen = strlen(name) + 1; if (node) { namelen += strlen(node) + 1; } |