svn commit: samba r23455 - in branches/SAMBA_4_0/source/auth/gensec: .

[abartlet at samba.org]

Author: abartlet
Date: 2007-06-13 05:14:00 +0000 (Wed, 13 Jun 2007)
New Revision: 23455

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23455

Log:
These buffers may not be null terminated. Ensure we don't run past the
end of teh buffer printing the error strings.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c	2007-06-12 23:29:53 UTC (rev 23454)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c	2007-06-13 05:14:00 UTC (rev 23455)
@@ -87,19 +87,30 @@
 	OM_uint32 disp_min_stat, disp_maj_stat;
 	gss_buffer_desc maj_error_message;
 	gss_buffer_desc min_error_message;
+	char *maj_error_string, *min_error_string;
 	OM_uint32 msg_ctx = 0;
 
 	char *ret;
 
 	maj_error_message.value = NULL;
 	min_error_message.value = NULL;
+	maj_error_message.length = 0;
+	min_error_message.length = 0;
 	
 	disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE,
 			   mech, &msg_ctx, &maj_error_message);
 	disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE,
 			   mech, &msg_ctx, &min_error_message);
-	ret = talloc_asprintf(mem_ctx, "%s: %s", (char *)maj_error_message.value, (char *)min_error_message.value);
+	
+	maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length);
 
+	min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length);
+
+	ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string);
+
+	talloc_free(maj_error_string);
+	talloc_free(min_error_string);
+
 	gss_release_buffer(&disp_min_stat, &maj_error_message);
 	gss_release_buffer(&disp_min_stat, &min_error_message);