From e3081f7e3e2de4b5678d3defe12f349e0f412b84 Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Wed, 20 Apr 2016 04:45:23 +0000 Subject: [PATCH] kgssapi(4): Fix string overrun in Kerberos principal construction 'buf.value' was previously treated as a nul-terminated string, but only allocated with strlen() space. Rectify this. Reported by: Coverity CID: 1007639 Sponsored by: EMC / Isilon Storage Division --- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index b3a920aafaf..1d07943814f 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -331,7 +331,7 @@ rpc_gss_get_principal_name(rpc_gss_principal_t *principal, * Construct a gss_buffer containing the full name formatted * as "name/node@domain" where node and domain are optional. */ - namelen = strlen(name); + namelen = strlen(name) + 1; if (node) { namelen += strlen(node) + 1; }