authorJeff Layton <jlayton@samba.org>2011-12-03 05:57:14 -0500
committerJeff Layton <jlayton@samba.org>2011-12-03 05:57:14 -0500
commit7976a38aa27acdc2057e3314b87cfce3893a04e8 (patch)
tree0cb7b91d481582cfb0350ab9094fd7e68f2f8bdd
parentd540fe20e3943293f493a80529da012d00782ebe (diff)
cifs.upcall: move to an on-stack princ buffer
...and check to see if provided hostname will exceed it. Signed-off-by: Jeff Layton <jlayton@samba.org>
-rw-r--r--cifs.upcall.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 51af37a..615c827 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -769,8 +769,9 @@ int main(const int argc, char *const argv[])
unsigned int have;
long rc = 1;
int c, try_dns = 0, legacy_uid = 0;
- char *buf, *princ = NULL, *ccname = NULL;
+ char *buf, *ccname = NULL;
char hostbuf[NI_MAXHOST], *host;
+ char princ[NI_MAXHOST + 5]; /* 5 == len of "cifs/" */
struct decoded_args arg;
const char *oid;
uid_t uid;
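Review bot: The literal 5 in `char princ[NI_MAXHOST + 5]` is repeated by hand in the two strlcpy calls later in the patch (`princ + 5` and `sizeof(princ) - 5`), so the buffer size and the copy offset stay in step only by convention. A named prefix would tie them together, for example `#define CIFS_PRINC_PREFIX "cifs/"` with `sizeof(CIFS_PRINC_PREFIX) - 1` used for the length in all three places. The comment could also state that the terminating NUL fits because a hostname that passes the new length check is at most NI_MAXHOST - 1 bytes. main() starts and ends outside this hunk.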
@@ -848,6 +849,13 @@ int main(const int argc, char *const argv[])
goto out;
}
+ if (strlen(arg.hostname) >= NI_MAXHOST) {
+ syslog(LOG_ERR, "hostname provided by kernel is too long");
+ rc = 1;
+ goto out;
+
+ }
+
if (!legacy_uid && (have & DKD_HAVE_CREDUID))
uid = arg.creduid;
else if (have & DKD_HAVE_UID)
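Review bot: The added `strlen(arg.hostname) >= NI_MAXHOST` check carries no comment saying which buffer it protects, and that buffer (`princ`) is declared and filled far from this point. A comment above the check would keep the coupling visible, e.g. `/* princ[] holds "cifs/" plus at most NI_MAXHOST - 1 hostname bytes and the NUL */`. The empty line before the block's closing brace can be dropped. The code that guarantees arg.hostname was actually supplied lies outside the hunk, so the check presumably relies on an earlier test of `have`.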
@@ -877,14 +885,6 @@ int main(const int argc, char *const argv[])
case MS_KRB5:
case KRB5:
retry_new_hostname:
- /* for "cifs/" service name + terminating 0 */
- datalen = strlen(host) + 5 + 1;
- princ = calloc(sizeof(char), datalen);
- if (!princ) {
- rc = -ENOMEM;
- break;
- }
-
if (arg.sec == MS_KRB5)
oid = OID_KERBEROS5_OLD;
else
@@ -894,8 +894,8 @@ retry_new_hostname:
* try getting a cifs/ principal first and then fall back to
* getting a host/ principal if that doesn't work.
*/
- strlcpy(princ, "cifs/", datalen);
- strlcpy(princ + 5, host, datalen - 5);
+ strlcpy(princ, "cifs/", sizeof(princ));
+ strlcpy(princ + 5, host, sizeof(princ) - 5);
rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, ccname);
if (!rc)
break;
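Review bot: The return value of `strlcpy(princ + 5, host, sizeof(princ) - 5)` is ignored, so the fixed buffer would silently truncate the principal if `host` ever exceeded the bound. Today that should not happen: arg.hostname is length-checked earlier and the retry path sets `host = hostbuf`, which is NI_MAXHOST bytes. The copy site itself enforces nothing, though, and a truncated name would request a ticket for a different service principal. Checking the result here makes the invariant local: `if (strlcpy(princ + 5, host, sizeof(princ) - 5) >= sizeof(princ) - 5) { rc = -ENAMETOOLONG; break; }`. The enclosing switch case starts and ends outside this hunk.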
@@ -912,7 +912,6 @@ retry_new_hostname:
if (rc)
break;
- SAFE_FREE(princ);
try_dns = 0;
host = hostbuf;
goto retry_new_hostname;
@@ -922,8 +921,6 @@ retry_new_hostname:
break;
}
- SAFE_FREE(princ);
-
if (rc)
goto out;