Changeset ebcdf4d


Ignore:
Timestamp:
Dec 2, 2013, 3:56:28 AM (10 years ago)
Author:
Anders Kaseorg <andersk@mit.edu>
Branches:
master, release-1.10
Children:
8a213ca, ba9a1be, 4a212dd
Parents:
21dc927
git-author:
Anders Kaseorg <andersk@mit.edu> (11/10/13 22:50:58)
git-committer:
Anders Kaseorg <andersk@mit.edu> (12/02/13 03:56:28)
Message:
owl_zephyr_smartstripped_user: Simplify, fixing overlapping strcat

Previously, the strcat(out, realm+1) call might read from the same
place it’s writing to, which is invalid and could break if strcat is
optimized in certain ways.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
File:
1 edited

Legend:

Unmodified
Added
Removed

  • zephyr.c

    rc55930e rebcdf4d  
    13191319CALLER_OWN char *owl_zephyr_smartstripped_user(const char *in)
    13201320{
    1321   char *slash, *dot, *realm, *out;
    1322 
    1323   out = g_strdup(in);
    1324 
    1325   /* bail immeaditly if we don't have to do any work */
    1326   slash = strchr(out, '/');
    1327   dot = strchr(out, '.');
    1328   if (!slash && !dot) {
    1329     return(out);
    1330   }
    1331 
    1332   if (!strncasecmp(out, OWL_ZEPHYR_NOSTRIP_HOST, strlen(OWL_ZEPHYR_NOSTRIP_HOST)) ||
    1333       !strncasecmp(out, OWL_ZEPHYR_NOSTRIP_RCMD, strlen(OWL_ZEPHYR_NOSTRIP_RCMD)) ||
    1334       !strncasecmp(out, OWL_ZEPHYR_NOSTRIP_DAEMON5, strlen(OWL_ZEPHYR_NOSTRIP_DAEMON5)) ||
    1335       !strncasecmp(out, OWL_ZEPHYR_NOSTRIP_DAEMON4, strlen(OWL_ZEPHYR_NOSTRIP_DAEMON4))) {
    1336     return(out);
    1337   }
    1338 
    1339   realm = strchr(out, '@');
    1340   if (!slash && dot && realm && (dot > realm)) {
    1341     /* There's no '/', and the first '.' is in the realm */
    1342     return(out);
    1343   }
    1344 
    1345   /* remove the realm from out, but hold on to it */
    1346   if (realm) realm[0]='\0';
    1347 
    1348   /* strip */
    1349   if (slash) slash[0] = '\0';  /* krb5 style user/instance */
    1350   else if (dot) dot[0] = '\0'; /* krb4 style user.instance */
    1351 
    1352   /* reattach the realm if we had one */
    1353   if (realm) {
    1354     strcat(out, "@");
    1355     strcat(out, realm+1);
    1356   }
    1357 
    1358   return(out);
     1321  int n = strcspn(in, "./");
     1322  char *realm = strchrnul(in, '@');
     1323
     1324  if (in + n >= realm ||
     1325      g_str_has_prefix(in, OWL_ZEPHYR_NOSTRIP_HOST) ||
     1326      g_str_has_prefix(in, OWL_ZEPHYR_NOSTRIP_RCMD) ||
     1327      g_str_has_prefix(in, OWL_ZEPHYR_NOSTRIP_DAEMON5) ||
     1328      g_str_has_prefix(in, OWL_ZEPHYR_NOSTRIP_DAEMON4))
     1329    return g_strdup(in);
     1330  else
     1331    return g_strdup_printf("%.*s%s", n, in, realm);
    13591332}
    13601333
Note: See TracChangeset for help on using the changeset viewer.