This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
Re: [open-source] Re: Wish for 2002 ...
On Fri, Jan 11, 2002 at 04:55:51PM -0800, Paul Eggert wrote:
> strlcpy(phost, (char *)krb_get_phost(localhost),
> sizeof(phost));
>
> Now, phost is of size INST_SZ, which is 40 (on OpenBSD 2.9 at least; I
> assume other krb4 implementations are similar). So, if the Kerberos
> ticket-granting instance name is 40 bytes or longer, this code
> silently misbehaves.

the Kerberos v4 instance name is defined as 40 *in the protocol* -
krb_get_phost() should already truncate the local hostname to the
proper instance size. that we duplicate the effort in ensuring a
NUL-terminated string is just defensive programming against bad
Kerberos libraries. it wouldn't be any different if we memcpy'd the
string in and planted a '\0' in there by hand, just more to read.

> Possibly this misbehavior can lead to a security hole, and possibly
> not; I haven't checked.

there is no misbehaviour here, only defensive programming (have you
read Kerberos library code? oy vey)

strlcat/strlcpy are just the functions strncat/strncpy *should* have
been, consistent with the return value and operation of snprintf
(always NUL-terminate, and return the length of the string it tried to
create). that strncat/strncpy can produce non-C strings is just broken.

-d.
---
http://www.monkey.org/~dugsong/
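
Added example, not part of the original message or of any project's code: the two copy behaviours discussed in this thread, run against a 40-byte name and an INST_SZ (40) buffer. `demo_strlcpy`, `is_terminated`, `copy_with_strncpy` and `copy_with_strlcpy` are hypothetical names, `demo_strlcpy` is a local stand-in written to the semantics described above (always NUL-terminate, return the length it tried to create), and the input name is constructed.

```c
#include <stdio.h>
#include <string.h>

#define INST_SZ 40  /* instance buffer size quoted in the thread */

/* Hypothetical stand-in with strlcpy semantics: copy at most size-1
 * bytes, always NUL-terminate when size > 0, and return strlen(src)
 * so the caller can detect truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Returns 1 if buf[0..size) contains a NUL, i.e. holds a C string. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy path: returns 1 if the result is a valid C string, else 0. */
static int copy_with_strncpy(char *dst, const char *src, size_t size)
{
    memset(dst, 'X', size);   /* poison so a missing NUL is visible */
    strncpy(dst, src, size);
    return is_terminated(dst, size);
}

/* strlcpy path: returns 0 on a full copy, -1 if src was truncated. */
static int copy_with_strlcpy(char *dst, const char *src, size_t size)
{
    memset(dst, 'X', size);
    return demo_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    char name[INST_SZ + 1], phost[INST_SZ];
    memset(name, 'a', INST_SZ);   /* constructed 40-byte name */
    name[INST_SZ] = '\0';
    printf("strncpy terminated: %d\n", copy_with_strncpy(phost, name, sizeof(phost)));
    printf("strlcpy status: %d, copied %zu bytes\n",
           copy_with_strlcpy(phost, name, sizeof(phost)), strlen(phost));
    return 0;
}
```

A caller that must not accept a shortened name checks the return value against the buffer size, as `copy_with_strlcpy` does, instead of relying on the copy alone.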