Date: Thu, 1 Dec 2022 14:26:03 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 8d3c6e82cdca - stable/12 - heimdal: The version string must always contain a terminating NUL Message-ID: <202212011426.2B1EQ327079580@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=8d3c6e82cdcac5fa31836df6d3d067efd2e0e3bc commit 8d3c6e82cdcac5fa31836df6d3d067efd2e0e3bc Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-11-21 15:33:08 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-12-01 14:25:52 +0000 heimdal: The version string must always contain a terminating NUL Should the sender send a string without a terminating NUL, ensure that the NUL terminates the string regardless. And while at it only process the version string when bytes are returned. PR: 267884 Reported by: Robert Morris <rtm@lcs.mit.edu> Differential Revision: https://reviews.freebsd.org/D37471 (cherry picked from commit d7e8666ffb9967a92709a2d2ded4d31568ab1473) --- crypto/heimdal/lib/krb5/recvauth.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c index 78e98a10fc1b..b63b28628395 100644 --- a/crypto/heimdal/lib/krb5/recvauth.c +++ b/crypto/heimdal/lib/krb5/recvauth.c @@ -75,7 +75,7 @@ krb5_recvauth_match_version(krb5_context context, const char *version = KRB5_SENDAUTH_VERSION; char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; char *her_appl_version; - uint32_t len; + uint32_t len, bytes; u_char repl; krb5_data data; krb5_flags ap_options; @@ -139,15 +139,21 @@ krb5_recvauth_match_version(krb5_context context, N_("malloc: out of memory", "")); return ENOMEM; } - if (krb5_net_read (context, p_fd, her_appl_version, len) != len - || !(*match_appl_version)(match_data, her_appl_version)) { - repl = 2; - krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, - N_("wrong sendauth version (%s)", ""), - her_appl_version); - free (her_appl_version); - return KRB5_SENDAUTH_BADAPPLVERS; + if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) { + /* PR/267884: String read must always conatain a terminating NUL */ + if (strnlen(her_appl_version, len) == len) + her_appl_version[len-1] = '\0'; + + if (bytes != len || + !(*match_appl_version)(match_data, her_appl_version)) { + repl = 2; + krb5_net_write (context, p_fd, &repl, 1); + krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, + N_("wrong sendauth version (%s)", ""), + her_appl_version); + free (her_appl_version); + return KRB5_SENDAUTH_BADAPPLVERS; + } } free (her_appl_version);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202212011426.2B1EQ327079580>