Null-terminate components of parsed principals

The rewritten krb5_parse_name didn't null-terminate components or realms of principals, while the old one did. Fix the new one to do so as well. This means KRB5_PRINCIPAL_PARSE_IGNORE_REALM allocates one byte for the realm instead of leaving it as empty_data(), so we need to free the realm in build_in_tkt_name() before copying in the client realm.
krb5 · May 12, 2012 · 74beb75 · 74beb75
1 parent 39629e9
commit 74beb75
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
@@ -452,6 +452,7 @@ build_in_tkt_name(krb5_context context,
                                     &server);
         if (ret)
             return ret;
+        krb5_free_data_contents(context, &server->realm);
         ret = krb5int_copy_data_contents(context, &client->realm,
                                          &server->realm);
         if (ret) {

diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
@@ -96,19 +96,16 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
         }
     }
 
-    /* Allocate space for each non-empty component and the realm. */
+    /* Allocate space for each component and the realm, with space for null
+     * terminators on each field. */
     for (i = 0; i < princ->length; i++) {
-        if (princ->data[i].length > 0) {
-            princ->data[i].data = k5alloc(princ->data[i].length, &ret);
-            if (princ->data[i].data == NULL)
-                goto cleanup;
-        }
-    }
-    if (princ->realm.length > 0) {
-        princ->realm.data = k5alloc(princ->realm.length, &ret);
-        if (princ->realm.data == NULL)
+        princ->data[i].data = k5alloc(princ->data[i].length + 1, &ret);
+        if (princ->data[i].data == NULL)
             goto cleanup;
     }
+    princ->realm.data = k5alloc(princ->realm.length + 1, &ret);
+    if (princ->realm.data == NULL)
+        goto cleanup;
 
     *princ_out = princ;
     *has_realm_out = (cur_data == &princ->realm);
@@ -120,7 +117,8 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
 
 /*
  * Parse name into princ, assuming that name is correctly formed and that all
- * principal fields are allocated to the correct length.  If enterprise is
+ * principal fields are allocated to the correct length with zero-filled memory
+ * (so we get null-terminated fields without any extra work).  If enterprise is
  * true, use enterprise principal parsing rules.
  */
 static void