jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 23:10:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Reallocate memory in aklog for the AFS ID string

Browse Source 
aklog was previously writing the magic AFS ID string into previously
alloated memory with sprintf, but the variable in question was only
as long as the username, so this code could overwrite memory and lead
to heap corruption.  Free previously allocated memory and use
afs_asprintf to format the AFS ID string instead.

Change-Id: I7649864817340764c39c176606a9a543c10983c9
Reviewed-on: http://gerrit.openafs.org/1706
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
This commit is contained in:
Russ Allbery 2010-04-06 16:31:37 -07:00 committed by Derrick Brashear
parent a763edc3a4
commit 8d41bc24c5
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/aklog/aklog.c
View File

@ -1100,7 +1100,12 @@ auth_to_cell(krb5_context context, char *cell, char *realm, char **linkedcell)
*/
if ((status == 0) && (viceId != ANONYMOUSID)) {
sprintf(username, "AFS ID %d", (int) viceId);
free(username);
if (afs_asprintf(&username, "AFS ID %d", (int) viceId) < 0) {
status = ENOMEM;
username = NULL;
goto out;
}
}
}