Commit ceb0534d authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

Improve gss debug printing of status_string.

Commit f52ee2f7 ensured the debug strings were properly '\0'
terminated.  However, it did not prevent the strncpy from reading past
the end of the status_string.value data; it simply capped it
afterwards.  Improve the code so it only reads up to
status_string.length without overwriting the buffer.
parent f52ee2f7
......@@ -48,6 +48,7 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
gss_buffer_desc status_string;
char buf_maj[512];
char buf_min[512];
size_t status_len;
do
{
......@@ -59,9 +60,11 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
&status_string);
if (GSS_ERROR(maj_stat))
break;
strfcpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
if (status_string.length < sizeof(buf_maj))
buf_maj[status_string.length] = '\0';
status_len = status_string.length;
if (status_len >= sizeof(buf_maj))
status_len = sizeof(buf_maj) - 1;
strncpy(buf_maj, (char*) status_string.value, status_len);
buf_maj[status_len] = '\0';
gss_release_buffer(&min_stat, &status_string);
maj_stat = gss_display_status (&min_stat,
......@@ -72,9 +75,11 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
&status_string);
if (!GSS_ERROR(maj_stat))
{
strfcpy(buf_min, (char*) status_string.value, sizeof(buf_min));
if (status_string.length < sizeof(buf_min))
buf_min[status_string.length] = '\0';
status_len = status_string.length;
if (status_len >= sizeof(buf_min))
status_len = sizeof(buf_min) - 1;
strncpy(buf_min, (char*) status_string.value, status_len);
buf_min[status_len] = '\0';
gss_release_buffer(&min_stat, &status_string);
}
} while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
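Review bot: The new `strncpy(buf_maj, (char*) status_string.value, status_len);` passes `status_string.value` without checking it for NULL, and the same applies to the `buf_min` copy in the third hunk. Whether a GSS implementation can return a zero-length status with a NULL value is not visible here, but if it can, a null pointer reaches strncpy, which is undefined even for a count of 0. Since the length is now known explicitly, `if (status_len > 0) memcpy(buf_maj, status_string.value, status_len);` states the intent more directly and skips the call for an empty status; the following line still terminates the buffer. The clamp, copy and terminate sequence is now duplicated for both buffers, so a small static helper taking the destination, its size and the `gss_buffer_desc` would keep the two copies from drifting apart. The body of print_gss_error starts and ends outside these hunks, so how the buffers are used after the loop was not reviewed.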
......