[Bug 1066] off-by-one error with GSSAPI names

bugzilla-daemon at mindrot.org
Sat Aug 27 01:16:50 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1066

           Summary: off-by-one error with GSSAPI names
           Product: Portable OpenSSH
           Version: 4.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dleonard at vintela.com


ssh_gssapi_import_name() passes a string through a GSSAPI buffer that is one
byte too long. This seems to occasionally cause problems, like spurious garbage
characters appearing at the end of realms.

------- Additional Comments From dleonard at vintela.com  2005-08-08 23:33 -------
Created an attachment (id=945)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=945&action=view)
quick fix

Simple fix that decrements the buffer length after the snprintf.
A real fix would not be so hacky. :)

------- Additional Comments From djm at mindrot.org  2005-08-27 01:16 -------
Are you saying that gssbuf.value shouldn't be \0 terminated?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
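
The length mismatch described in this report, sketched as an added example (not part of the original thread and not OpenSSH's code): a counted buffer whose length includes the C string terminator hands a length-trusting consumer one extra byte, while the quick fix keeps the terminator in memory but leaves it out of the count. Assumptions: `struct counted_buf` stands in for `gss_buffer_desc`, the `host@` name format and the host `example.test` are constructed sample input, and `make_name()` and `host_part()` are hypothetical helpers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with the same two fields as gss_buffer_desc, so no GSSAPI
 * library is needed to run this. */
struct counted_buf { size_t length; void *value; };

/* Build "host@<host>" (assumed name format). The allocation always has room
 * for the terminator; count_nul selects whether length also counts it
 * (the reported pattern) or is decremented to the string length (the fix). */
static int make_name(struct counted_buf *b, const char *host, int count_nul)
{
    size_t total = sizeof("host@") + strlen(host);   /* sizeof counts the NUL */
    if ((b->value = malloc(total)) == NULL)
        return -1;
    snprintf(b->value, total, "host@%s", host);
    b->length = count_nul ? total : total - 1;
    return 0;
}

/* Hypothetical consumer that trusts length, as a counted-buffer API does:
 * copies everything after '@' and returns how many bytes that was. */
static size_t host_part(const struct counted_buf *b, char *out, size_t outsz)
{
    const char *p = b->value;
    const char *at = memchr(p, '@', b->length);
    size_t n;

    if (at == NULL)
        return 0;
    n = b->length - (size_t)(at + 1 - p);
    if (n > outsz)
        return 0;
    memcpy(out, at + 1, n);
    return n;
}

int main(void)
{
    struct counted_buf bad, good;
    char out[64];
    if (make_name(&bad, "example.test", 1) || make_name(&good, "example.test", 0))
        return 1;
    printf("length counts NUL: %zu host bytes\n", host_part(&bad, out, sizeof(out)));
    printf("length excludes NUL: %zu host bytes\n", host_part(&good, out, sizeof(out)));
    free(bad.value); free(good.value);
    return 0;
}
```

In both cases `value` is still NUL-terminated in memory; only the reported `length` differs.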