jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-20 16:00:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

DEVEL15-windows-netidmgr-plugin-20070407

Browse Source 
protect against pr_CreateUser modifying the username buffer.


(cherry picked from commit fece50be72)
This commit is contained in:
Jeffrey Altman 2007-04-08 03:41:10 +00:00
parent d442816c3e
commit 19ee7f4bd5
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/WINNT/netidmgr_plugin/afsfuncs.c
View File

@ -472,7 +472,7 @@ _no_krb5:
ASSUMPTION: ASSUMPTION:
If Krb5 was used to obatain the token, then there is a Krb5 If Krb5 was used to obtain the token, then there is a Krb5
ticket of the form afs/<cell>@<REALM> or afs@<CELL> still ticket of the form afs/<cell>@<REALM> or afs@<CELL> still
in the cache. This is also true for Krb524 token in the cache. This is also true for Krb524 token
acquisition. acquisition.
@ -630,9 +630,7 @@ ViceIDToUsername(char *username,
{ {
static char lastcell[MAXCELLCHARS+1] = { 0 }; static char lastcell[MAXCELLCHARS+1] = { 0 };
static char confname[512] = { 0 }; static char confname[512] = { 0 };
#ifdef AFS_ID_TO_NAME
char username_copy[BUFSIZ]; char username_copy[BUFSIZ];
#endif /* AFS_ID_TO_NAME */
long viceId = ANONYMOUSID; /* AFS uid of user */ long viceId = ANONYMOUSID; /* AFS uid of user */
int status = 0; int status = 0;
#ifdef ALLOW_REGISTER #ifdef ALLOW_REGISTER
@ -667,18 +665,20 @@ ViceIDToUsername(char *username,
* automatically register with the ptserver in foreign cells * automatically register with the ptserver in foreign cells
*/ */
/* copy the username because pr_CreateUser will lowercase it */
StringCbCopyA(username_copy, BUFSIZ, username);
#ifdef ALLOW_REGISTER #ifdef ALLOW_REGISTER
if (status == 0) { if (status == 0) {
if (viceId != ANONYMOUSID) { if (viceId != ANONYMOUSID) {
#else /* ALLOW_REGISTER */ #else /* ALLOW_REGISTER */
if ((status == 0) && (viceId != ANONYMOUSID)) if ((status == 0) && (viceId != ANONYMOUSID))
#endif /* ALLOW_REGISTER */ #endif /* ALLOW_REGISTER */
{ {
#ifdef AFS_ID_TO_NAME #ifdef AFS_ID_TO_NAME
StringCbCopyA(username_copy, BUFSIZ, username); StringCchPrintfA(username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
StringCchPrintfA(username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
#endif /* AFS_ID_TO_NAME */ #endif /* AFS_ID_TO_NAME */
} }
#ifdef ALLOW_REGISTER #ifdef ALLOW_REGISTER
} else if (strcmp(realm_of_user, realm_of_cell) != 0) { } else if (strcmp(realm_of_user, realm_of_cell) != 0) {
id = 0; id = 0;
@ -691,10 +691,10 @@ ViceIDToUsername(char *username,
return status; return status;
status = pr_CreateUser(username, &id); status = pr_CreateUser(username, &id);
pr_End(); pr_End();
StringCbCopyA(username, BUFSIZ, username_copy);
if (status) if (status)
return status; return status;
#ifdef AFS_ID_TO_NAME #ifdef AFS_ID_TO_NAME
StringCbCopyA(username_copy, BUFSIZ, username);
StringCchPrintfA(username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId); StringCchPrintfA(username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
#endif /* AFS_ID_TO_NAME */ #endif /* AFS_ID_TO_NAME */
} }