From a8fde83022360a02e53b70fd7bd4d61de1ccc7cb Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 7 Mar 2014 10:06:52 +0100
Subject: [PATCH 57/58] Avoid passing non-terminated string to is_master_host
When string is not terminated, queries with corrupted base may be sent
to LDAP:
... cn=ipa1.example.com<garbage>,cn=masters...
https://fedorahosted.org/freeipa/ticket/4214
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
9991ea
index 8481278760aba2d5dec5c337813f394633d67e46..a73a3cb46e104b43493177e333deb2b0d6226c2a 100644
9991ea
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
9991ea
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
9991ea
@@ -488,13 +488,14 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx,
9991ea
         }
9991ea
 
9991ea
         data = krb5_princ_component(ipactx->context, princ, 1);
9991ea
-        strres = malloc(data->length);
9991ea
+        strres = malloc(data->length+1);
9991ea
         if (strres == NULL) {
9991ea
             krb5_free_principal(ipactx->kcontext, princ);
9991ea
             return ENOENT;
9991ea
         }
9991ea
 
9991ea
         memcpy(strres, data->data, data->length);
9991ea
+        strres[data->length] = '\0';
9991ea
         krb5_free_principal(ipactx->kcontext, princ);
9991ea
 
9991ea
         /* Only add PAC to TGT to services on IPA masters to allow querying
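Review bot: The bytes copied by `memcpy(strres, data->data, data->length)` are now terminated but still not checked before being used as a host name. A krb5 principal component is a counted byte string, so an embedded NUL would silently shorten the name, and characters such as `,` or `=` could alter the search base if is_master_host (not visible in this hunk) builds the DN without escaping. I would reject such input before the allocation, failing the same way the existing error path does, e.g. `if (memchr(data->data, '\0', data->length) != NULL) { krb5_free_principal(ipactx->kcontext, princ); return ENOENT; }`, and confirm that the DN is assembled with an escaping helper. Separately, on the context lines the allocation failure returns `ENOENT` where `ENOMEM` would describe it, and `krb5_princ_component` is passed `ipactx->context` while the neighbouring calls use `ipactx->kcontext`. The body of ipadb_fill_info3 continues outside the hunk, so a guard against a NULL `data` may already exist above.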
-- 
1.8.5.3