Blame SOURCES/bind99-ISC-Bugs-35073.patch
|
 |
900526 |
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
|
|
900526 |
index 486c102..dc12a85 100644
|
|
|
900526 |
--- a/bin/nsupdate/nsupdate.c
|
|
|
900526 |
+++ b/bin/nsupdate/nsupdate.c
|
|
|
900526 |
@@ -1566,16 +1566,20 @@ evaluate_realm(char *cmdline) {
|
|
|
900526 |
#ifdef GSSAPI
|
|
|
900526 |
char *word;
|
|
|
900526 |
char buf[1024];
|
|
|
900526 |
+ int n;
|
|
|
900526 |
|
|
|
900526 |
- word = nsu_strsep(&cmdline, " \t\r\n");
|
|
|
900526 |
- if (word == NULL || *word == 0) {
|
|
|
900526 |
- if (realm != NULL)
|
|
|
900526 |
- isc_mem_free(mctx, realm);
|
|
|
900526 |
+ if (realm != NULL) {
|
|
|
900526 |
+ isc_mem_free(mctx, realm);
|
|
|
900526 |
realm = NULL;
|
|
|
900526 |
- return (STATUS_MORE);
|
|
|
900526 |
}
|
|
|
900526 |
|
|
|
900526 |
- snprintf(buf, sizeof(buf), "@%s", word);
|
|
|
900526 |
+ word = nsu_strsep(&cmdline, " \t\r\n");
|
|
|
900526 |
+ if (word == NULL || *word == 0)
|
|
|
900526 |
+ return (STATUS_MORE);
|
|
|
900526 |
+
|
|
|
900526 |
+ n = snprintf(buf, sizeof(buf), "@%s", word);
|
|
|
900526 |
+ if (n < 0 || (size_t)n >= sizeof(buf))
|
|
|
900526 |
+ fatal("realm is too long");
|
|
|
900526 |
realm = isc_mem_strdup(mctx, buf);
|
|
|
900526 |
if (realm == NULL)
|
|
|
900526 |
fatal("out of memory");
|