[26696] in CVS-changelog-for-Kerberos-V5
krb5 commit: Reject extra realm separators in principal names
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Jul 8 00:49:39 2012
Date: Sun, 8 Jul 2012 00:49:34 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201207080449.q684nYmj003365@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/f74fa6199f328c837f452fe6a4ca9e5242484b3e
commit f74fa6199f328c837f452fe6a4ca9e5242484b3e
Author: Greg Hudson <ghudson@mit.edu>
Date: Sun Jul 8 00:25:06 2012 -0400
Reject extra realm separators in principal names
Commit f609e5caff410cc8f71db7d95b4da219541437db accidentally omitted
the check for extra realm separators, leading to an assertion error
when parsing x@y@z or similar. Restore the check.
src/lib/krb5/krb/parse.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index cf3cce9..613e41d 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -79,6 +79,8 @@ allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
} else if (*p == '@' && (!enterprise || !first_at)) {
/* Realm separator. In enterprise principals, the first one of
* these we see is part of the component. */
+ if (cur_data == &princ->realm)
+ return KRB5_PARSE_MALFORMED;
cur_data = &princ->realm;
} else {
/* Component or realm character, possibly quoted. Make note if
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
