This is the mail archive of the mailing list for the glibc project.


Re: [open-source] Re: Wish for 2002 ...

On Fri, Jan 11, 2002 at 04:55:51PM -0800, Paul Eggert wrote:

> 		strlcpy(phost, (char *)krb_get_phost(localhost),
> 		    sizeof(phost));
> Now, phost is of size INST_SZ, which is 40 (on OpenBSD 2.9 at least; I
> assume other krb4 implementations are similar).  So, if the Kerberos
> ticket-granting instance name is 40 bytes or longer, this code
> silently misbehaves.

the Kerberos v4 instance name is defined as 40 *in the protocol* -
krb_get_phost() should already truncate the local hostname to the
proper instance size. that we duplicate the effort in ensuring a
NUL-terminated string is just defensive programming against bad
Kerberos libraries. it wouldn't be any different if we memcpy'd the
string in and planted a '\0' in there by hand, just more to read.

> Possibly this misbehavior can lead to a security hole, and possibly
> not; I haven't checked.

there is no misbehaviour here, only defensive programming (have you
read Kerberos library code? oy vey)

strlcat/strlcpy are just the functions strncat/strncpy *should* have
been, consistent with the return value and operation of snprintf
(always NUL-terminate, and return the length of the string it tried to
create). that strncat/strncpy can produce non-C strings is just broken.
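
An added example, not part of the original message: it contrasts `strncpy` with strlcpy-style copying into a buffer of `INST_SZ` (40) bytes, and shows how the return value lets the caller detect the truncation debated above. `demo_strlcpy`, `copy_with_strncpy`, `copy_checked` and both hostnames are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define INST_SZ 40 /* Kerberos v4 instance size, as quoted in the message */

/* Constructed sample inputs: one fits in INST_SZ, one (52 bytes) does not. */
static const char SHORT_HOST[] = "kdc1";
static const char LONG_HOST[] =
    "a-constructed-hostname-well-over-forty-bytes.example";

/* Stand-in with strlcpy semantics (assumed name, avoids clashing with libc):
 * always NUL-terminates when size > 0, returns strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = (srclen >= size) ? size - 1 : srclen;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* 1 if buf[0..size) holds a NUL, i.e. is a valid C string. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy copy; returns whether the result is a C string. */
static int copy_with_strncpy(const char *src, char *dst, size_t size)
{
    memset(dst, 'X', size); /* make a missing terminator visible */
    strncpy(dst, src, size);
    return is_terminated(dst, size);
}

/* strlcpy-style copy; 0 if src fit, -1 if it was truncated. */
static int copy_checked(const char *src, char *dst, size_t size)
{
    return demo_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    char phost[INST_SZ];
    printf("strncpy terminated: %d\n", copy_with_strncpy(LONG_HOST, phost, sizeof(phost)));
    printf("checked copy: %d\n", copy_checked(LONG_HOST, phost, sizeof(phost)));
    return 0;
}
```

A caller that ignores the return value gets a terminated but shortened string; one that compares it against the buffer size can reject the oversized name instead.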


