OpenSolaris

Bug ID 6520554
Synopsis MIT bug #5427 with krb5_kt_get_name()
State 10-Fix Delivered (Fix available in build)
Category:Subcategory kerberosv5_bundled:other
Keywords
Responsible Engineer William Fiveash
Reported Against
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_73
Fixed In snv_73
Release Fixed solaris_nevada(snv_73) , solaris_10u5(s10u5_04) (Bug ID:2153126)
Related Bugs 6224704
Submit Date 2-February-2007
Last Update Date 5-November-2007
Description
Subject: [krbdev.mit.edu #5427] SVN Commit

krb5_kt_get_name() allows the caller to specify the size of the buffer to copy
the name into. The size must be big enough for the trailing nul character.

If one specified a buffer length that is precisely the strlen w/o allowing for
the nul - the functions would copy one past the end of the buffer.

No code in our tree would be subject to this problem - as buffers in use are 1024
or BUFSIZ....

The logic failure was:

strlen(p+1) vs. strlen(p)+1

The code is essentially duplicated in the three changed files.


Commit By: epeisach

Revision: 19137
Changed Files:
U   trunk/src/lib/krb5/keytab/kt_file.c
U   trunk/src/lib/krb5/keytab/kt_memory.c
U   trunk/src/lib/krb5/keytab/kt_srvtab.c
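
The length check described in the commit message above, as an added example that is not the MIT or Solaris source: it puts the `strlen(p+1)` form beside the `strlen(p)+1` form and counts the bytes each one lets `strcpy()` write past the caller's stated length. The function names, the error code and the sample keytab path are assumptions made for the illustration; the copy goes into an oversized, canary-filled array so the overrun can be measured safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_TOOLONG (-1)  /* hypothetical error code for this example */
#define CANARY 0x7f        /* fill byte used to spot writes past len */

static const char SAMPLE[] = "/etc/krb5/krb5.keytab";  /* constructed input */

/* Flawed check: p + 1 points at the second character, so strlen(p + 1)
 * is one LESS than strlen(p) and never accounts for the nul. */
static int copy_name_buggy(char *buf, size_t len, const char *p)
{
    if (len < strlen(p + 1))
        return NAME_TOOLONG;
    strcpy(buf, p);            /* writes strlen(p) + 1 bytes */
    return 0;
}

/* Corrected check: require room for every character plus the nul. */
static int copy_name_fixed(char *buf, size_t len, const char *p)
{
    if (len < strlen(p) + 1)
        return NAME_TOOLONG;
    strcpy(buf, p);
    return 0;
}

/* Run one copy with a declared length of len and return how many bytes
 * beyond that length were modified, or -1 if the copy was refused.
 * p must be non-empty and shorter than the 64-byte backing array. */
int bytes_past_end(int (*copy)(char *, size_t, const char *),
                   const char *p, size_t len)
{
    char backing[64];
    int over = 0;
    memset(backing, CANARY, sizeof backing);
    if (copy(backing, len, p) != 0)
        return -1;
    for (size_t i = len; i < sizeof backing; i++)
        over += (backing[i] != CANARY);
    return over;
}

int main(void)
{
    size_t n = strlen(SAMPLE);
    printf("buggy, len == strlen: %d\n", bytes_past_end(copy_name_buggy, SAMPLE, n));
    printf("fixed, len == strlen: %d\n", bytes_past_end(copy_name_fixed, SAMPLE, n));
    return 0;
}
```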
Work Around
N/A
Comments
N/A