[Bug 1066] off-by-one error with GSSAPI names
bugzilla-daemon at mindrot.org
Tue Aug 30 19:24:56 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1066
------- Additional Comments From simon at sxw.org.uk 2005-08-30 19:24 -------
Yes - all GSSAPI buffers use an explicit length, rather than using NULL as a
marker. This is a bug which should be fixed for correctness' sake.
David's fix is probably as good as any (and leaves the code more readable than
using a series of memcpy calls to avoid the NULL in the first place). Perhaps the
modification to gssbuf.length should have a comment - to explain that it's
stripping the trailing NULL.
However, in the case of import_name, all of the GSSAPI implementations I have
source for then take the buffer, malloc a string 1 character longer, and stick a
NULL back on the end. I can't see any way in which already having the string NULL
terminated would cause the problems that David's describing.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
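The off-by-one under discussion, worked through as an added example that is not from the bug report or from OpenSSH: a GSSAPI buffer carries an explicit length, so handing over a C string together with its terminator makes the length one too large, and a comment-style fix that decrements gssbuf.length afterwards corrects it. The struct below is a stand-in for gss_buffer_desc so the code builds without a GSSAPI library, mock_import_name models only what the comment says import_name does (allocate length+1, copy, append a NUL), and the sample principal name is constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gss_buffer_desc (assumed; the real type is in
 * <gssapi/gssapi.h>). GSSAPI buffers carry an explicit length and are
 * not NUL-terminated. */
struct gss_buf {
    size_t length;
    void *value;
};

/* Constructed sample principal name, not taken from the bug report. */
#define SAMPLE_NAME "host@example.com"

/* Correct way to describe a C-string name: the length is strlen(),
 * which excludes the terminator. */
static void buf_from_cstring(struct gss_buf *b, char *s)
{
    b->length = strlen(s);
    b->value = s;
}

/* The off-by-one: the whole NUL-terminated array is handed over, so the
 * terminator becomes the last byte of the buffer. */
static void buf_from_cstring_with_nul(struct gss_buf *b, char *s)
{
    b->length = strlen(s) + 1;
    b->value = s;
}

/* Returns 1 if the buffer's last byte is a NUL, 0 otherwise. */
int buf_has_trailing_nul(const struct gss_buf *b)
{
    const unsigned char *p = b->value;
    return b->length > 0 && p[b->length - 1] == '\0';
}

/* Equivalent of adjusting gssbuf.length after the fact: drop the
 * trailing NUL from the length. The byte itself stays in memory. */
void buf_strip_trailing_nul(struct gss_buf *b)
{
    if (buf_has_trailing_nul(b))
        b->length--;
}

/* Model of what the comment says import_name does: allocate length+1
 * bytes, copy the buffer, append a NUL. Returns the allocation (caller
 * frees) and stores the imported data length in *out_len. */
char *mock_import_name(const struct gss_buf *b, size_t *out_len)
{
    char *name = malloc(b->length + 1);
    if (name == NULL)
        return NULL;
    memcpy(name, b->value, b->length);
    name[b->length] = '\0';
    *out_len = b->length;
    return name;
}

/* Worked scenario: build the buffer from SAMPLE_NAME with or without the
 * terminator, optionally apply the strip fix, import it, and return the
 * imported length. strlen() of the result is 16 either way; the imported
 * length is 17 when the stray NUL is left in, and a name compare that
 * checks lengths would then fail. Returns (size_t)-1 on malloc failure. */
size_t imported_length(int include_nul, int strip_first)
{
    char s[] = SAMPLE_NAME;
    struct gss_buf b;
    size_t n = 0;
    char *name;

    if (include_nul)
        buf_from_cstring_with_nul(&b, s);
    else
        buf_from_cstring(&b, s);
    if (strip_first)
        buf_strip_trailing_nul(&b);
    name = mock_import_name(&b, &n);
    if (name == NULL)
        return (size_t)-1;
    free(name);
    return n;
}

int main(void)
{
    printf("with NUL, no strip:  imported length %zu\n", imported_length(1, 0));
    printf("with NUL, stripped:  imported length %zu\n", imported_length(1, 1));
    printf("correct buffer:      imported length %zu\n", imported_length(0, 0));
    return 0;
}
```

The imported string looks identical under strlen() in every case, which is why a NUL-terminated input does not visibly break import_name; the difference shows up only where the buffer length is used directly, for example when two imported names are compared byte-for-byte with their lengths.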