[962] in Kerberos-V5-bugs


Minor bug in realm_dom.c

daemon@ATHENA.MIT.EDU (Andrew Gross)
Tue Nov 15 21:12:53 1994

Date: Tue, 15 Nov 94 18:12:30 -0800
From: Andrew Gross <drew@drew.sdsc.edu>
To: krb5-bugs@MIT.EDU

Hello,

   In lib/krb5/os/realm_dom.c, there is a minor bug where retdomain
is malloc-ed as strlen(trans_realm) but then trans_host is strcpy-ed
into the area.

Thank you,
Andrew Gross
=========================================================================
(Line 106:)
        trans_host[sizeof(trans_host)-1] = '\0';
        trans_realm[sizeof(trans_realm)-1] = '\0';
        if (!strcmp(trans_realm, realm)) {
            if (trans_host[0] == '.') {
/*DREW          if ((retdomain = malloc(strlen(trans_realm) + 1)) == NULL) {*/
                if ((retdomain = malloc(strlen(trans_host) + 1)) == NULL) {
                    if (realmlist != NULL) {
                        krb5_xfree(realmlist[0]);
                        krb5_xfree(realmlist);
                    }
                    return ENOMEM;
                }
                (void)strcpy(retdomain, trans_host);
                fclose(trans_file);
=========================================================================
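
Review bot: the malloc failure branch frees realmlist and returns ENOMEM without calling fclose(trans_file), which on these lines is reached only after the strcpy, so the open file appears to leak when the allocation fails; add fclose(trans_file) before `return ENOMEM;`. The size change itself matches the copy that follows, since the buffer is now strlen(trans_host) + 1 and strcpy writes trans_host. The commented-out `/*DREW ... */` line should be dropped from the final change rather than left in the source.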
