[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

hdb/print.c:hdb_entry2string

To: heimdal-discuss@sics.se
Subject: hdb/print.c:hdb_entry2string
From: Chris Chiappa <griffon+heimdal-discuss@snurgle.org>
Date: Tue, 19 Jun 2001 23:49:54 -0400
Reply-To: chris@chiappa.net
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.3.19i

hdb_entry2string uses a statically sized 1KB buffer to assemble the string
to be printed to the dump file for kadmin -l dump.  For reasons I won't go
into some entries in my database have a large number of keys and even a few
duplicates (hrmm duplicates would probably be a good thing to stop from
happening in the KDC, but that's another story...):

Keytypes(salttype[(salt-value)]): des-cbc-md5(pw-salt()),
des-cbc-md4(pw-salt()), des-cbc-crc(pw-salt()), des3-cbc-sha1(pw-salt),
des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt),
des-cbc-md5(afs3-salt()), des-cbc-md4(afs3-salt()),
des-cbc-crc(afs3-salt()), des-cbc-md5(afs3-salt(SNURGLE.ORG)),
des-cbc-md4(afs3-salt(SNURGLE.ORG)), des-cbc-crc(afs3-salt(SNURGLE.ORG)),
des3-cbc-sha1(pw-salt), des-cbc-md5(pw-salt), des-cbc-md4(pw-salt),
des-cbc-crc(pw-salt), des-cbc-md5(pw-salt()), des-cbc-md4(pw-salt()),
des-cbc-crc(pw-salt()), des3-cbc-sha1(pw-salt)

Having this many keys (more than about 16 seems to be the limit for me)
causes the 1KB buffer to overflow with nasty consequences (On my machine,
it tends to overwrite ent, causing an ungraceful segfault).  The attached
patch approximates something which tries to dynamically size the buffer
based on the number of keys.  Presumably someone who knows more about the
data involved can come up with something a bit more elegant and/or accurate.

-- 

..ooOO chris@chiappa.net              | My opinions are my own  OOoo..
..ooOO chris.chiappa@oracle.com       | and certainly not those OOoo..
..ooOO http://www.chiappa.net/~chris/ | of my employer          OOoo..

--- print.c.orig	Tue Jun 19 23:32:01 2001
+++ print.c	Tue Jun 19 23:40:08 2001
@@ -127,15 +127,30 @@
 hdb_entry2string(krb5_context context, hdb_entry *ent, char **str)
 {
     char *p;
-    char buf[1024] = "";
+    char *buf;
     char tmp[32];
     int i;
+    size_t sz;
     krb5_error_code ret;
 
     /* --- principal */
     ret = krb5_unparse_name(context, ent->principal, &p);
     if(ret)
 	return ret;
+    sz = 1024;
+    /* Loop over our keys and calculate an approximate maximum size to
+     * store all of them */
+    for(i = 0; i < ent->keys.len; i++) {
+        sz += 23; /* Approx. max size of mkvno string portion */
+        sz += ent->keys.val[i].key.keyvalue.length * 2 + 1;
+        if(ent->keys.val[i].salt)
+            sz += ent->keys.val[i].salt->salt.length * 2 + 1;
+        else
+            sz += 1; /* Space for '-' */
+    }
+
+    *str = buf = malloc(sz);
+    *buf = '\0';
     strlcat(buf, p, sizeof(buf));
     strlcat(buf, " ", sizeof(buf));
     free(p);
@@ -217,8 +232,6 @@
     /* --- flags */
     snprintf(tmp, sizeof(tmp), "%d", HDBFlags2int(ent->flags));
     strlcat(buf, tmp, sizeof(buf));
-    
-    *str = strdup(buf);
     
     return 0;
 }

Follow-Ups:
- Re: hdb/print.c:hdb_entry2string
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: Heimdal error number goofiness
Next by Date: Re: hdb/print.c:hdb_entry2string
Prev by thread: Re: libpam-heimdal
Next by thread: Re: hdb/print.c:hdb_entry2string
Index(es):
- Date
- Thread