Skip Menu |

Subject: SVN Commit
krb5_kt_get_name() allows the called to specify the size of the buffer to copy
the name into. The size must be big enough for the tailing nul character.

If one specified a buffer length that is precisely the strlen w/o allowing for
the nul - the functions would copy one past the end of the buffer.

No code in our tree would be subject this problem - as buffers in use are 1024
or BUFSIZ....

The logic failure was:

strlen(p+1) vs. strlen(p)+1

The code is essentially duplicated in the three changed files.

Commit By: epeisach

Revision: 19137
Changed Files:
U trunk/src/lib/krb5/keytab/kt_file.c
U trunk/src/lib/krb5/keytab/kt_memory.c
U trunk/src/lib/krb5/keytab/kt_srvtab.c