From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 19 Apr 2010 22:40:07 +0000 (+0000)
Subject: ITS#6223
X-Git-Tag: OPENLDAP_REL_ENG_2_4_22~9
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=80e55efc3248be59fdf98d3d35a1fbbfd1b5d844;p=openldap

ITS#6223
---

diff --git a/CHANGES b/CHANGES
index f754512930..6da558c782 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,7 @@ OpenLDAP 2.4.22 Engineering
 	Added slapo-ldap idassert-passthru (ITS#6456)
 	Added slapo-pbind
 	Fixed libldap gmtime re-entrancy (ITS#6262)
+	Fixed libldap gssapi off by one error (ITS#6223)
 	Fixed libldap GnuTLS serial length (ITS#6460)
 	Fixed libldap MozNSS context and PEM support (ITS#6432)
 	Fixed libldap referral on bind behavior(ITS#6510)
diff --git a/libraries/libldap/gssapi.c b/libraries/libldap/gssapi.c
index 754df18866..7e9a4406c8 100644
--- a/libraries/libldap/gssapi.c
+++ b/libraries/libldap/gssapi.c
@@ -542,12 +542,12 @@ guess_service_principal(
 
 	} else if (allow_remote && dnsHostName) {
 		principal_fmt = "ldap/%s";
-		svc_principal_size = strlen(dnsHostName) + strlen(principal_fmt);
+		svc_principal_size = STRLENOF("ldap/") + strlen(dnsHostName) + 1;
 		str = dnsHostName;
 
 	} else {
 		principal_fmt = "ldap/%s";
-		svc_principal_size = strlen(host) + strlen(principal_fmt);
+		svc_principal_size = STRLENOF("ldap/") + strlen(host) + 1;
 		str = host;
 	}
 
@@ -557,8 +557,8 @@ guess_service_principal(
 		return ld->ld_errno;
 	}
 
-	ret = snprintf( svc_principal, svc_principal_size - 1, principal_fmt, str);
-	if (ret < 0 || (size_t)ret + 1 >= svc_principal_size) {
+	ret = snprintf( svc_principal, svc_principal_size, principal_fmt, str );
+	if (ret < 0 || (size_t)ret >= svc_principal_size) {
 		ld->ld_errno = LDAP_LOCAL_ERROR;
 		return ld->ld_errno;
 	}
@@ -567,7 +567,7 @@ guess_service_principal(
 	       host, svc_principal, 0 );
 
 	input_name.value  = svc_principal;
-	input_name.length = strlen( svc_principal );
+	input_name.length = (size_t)ret;
 
 	gss_rc = gss_import_name( &minor_status, &input_name, &nt_principal, principal );
 	ldap_memfree( svc_principal );