	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: v1.6.0: install error, short array

To: "'Phil Pishioneri'" <pgp@xxxxxxx>
Subject: RE: v1.6.0: install error, short array
From: "Brett Lomas" <b.lomas@xxxxxxxxxxxxxx>
Date: Wed, 12 May 2004 12:27:22 +1200
Cc: <cosign-discuss@xxxxxxxxx>
In-reply-to: <40A1688E.1050100@psu.edu>
Organization: The University of Auckland
Thread-index: AcQ3s/fXv4cEDuraRzeLlFYlJRPrtAAAMV2Q

Hi Phil,

Opps you are absolutely correct. I have attached v1.6.0 patches to fix this.
The changes I have made is extending the krbpath and krb4path variable to
MAXPATHLEN + 1 and sprintf's to snprintf with a size of  sizeof( krbpath or
krb4path ) - 1.

Sorry I missed this one!!

BTW: This is not a UMich 'sanctioned' patch :)



Also, regarding the new config directive to set the ticket cache 
location: In the files that use it:

./cgi/cgi.c
./daemon/command.c
./filters/apache/connect.c
./filters/apache2/connect.c

"krbpath" isn't long enough (currently 24 chars) to hold long names.  
Also, only cgi.c is using snprintf, the others are using sprintf 
(possible overwrites?).  krb4path seems to have similar issues.

-Phil

Attachment: krbpath_overrun_pathes.tgz
Description: application/compressed

References:
- v1.6.0: install error, short array
  - From: Phil Pishioneri

Prev by Date: v1.6.0: install error, short array
Next by Date: Re: v1.6.0: install error, short array
Previous by thread: v1.6.0: install error, short array
Next by thread: Re: v1.6.0: install error, short array
Index(es):
- Date
- Thread