2006-04-10 NeilBrown <neilb@suse.de>
authorneilbrown <neilbrown>
Mon, 10 Apr 2006 09:57:17 +0000 (09:57 +0000)
committerneilbrown <neilbrown>
Mon, 10 Apr 2006 09:57:17 +0000 (09:57 +0000)
commit660809fe7e597520d17deab9225f1b371c08d65c
treeb0da1b809f0f3ca6fac54b662486440998f9cea3
parentaa2d7a1e352a6c2190452ebc3c638b66a2cf6f9b
2006-04-10 NeilBrown <neilb@suse.de>
Various paranoia checks:
gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
  overflow
svcgssd_proc.c: range_check name.length, to ensure name.length+1
  doesn't wrap
idmapd.c(nfsdcb): make sure at least one byte is read before
 zeroing the last byte that was read, otherwise memory corruption
 is possible.

Found by SuSE security audit.
ChangeLog
utils/gssd/gssd_proc.c
utils/gssd/svcgssd_proc.c
utils/idmapd/idmapd.c