From a94b978e9dcc4aa95abc2031c7f81d27faa99fe7 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 18 Apr 2010 02:42:56 +0000
Subject: [PATCH] (blind) fix off-by-one bug (ITS#6223; fixed differently)

---
 libraries/libldap/gssapi.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libraries/libldap/gssapi.c b/libraries/libldap/gssapi.c
index 754df18866..7e9a4406c8 100644
--- a/libraries/libldap/gssapi.c
+++ b/libraries/libldap/gssapi.c
@@ -542,12 +542,12 @@ guess_service_principal(
 
 	} else if (allow_remote && dnsHostName) {
 		principal_fmt = "ldap/%s";
-		svc_principal_size = strlen(dnsHostName) + strlen(principal_fmt);
+		svc_principal_size = STRLENOF("ldap/") + strlen(dnsHostName) + 1;
 		str = dnsHostName;
 
 	} else {
 		principal_fmt = "ldap/%s";
-		svc_principal_size = strlen(host) + strlen(principal_fmt);
+		svc_principal_size = STRLENOF("ldap/") + strlen(host) + 1;
 		str = host;
 	}
 
@@ -557,8 +557,8 @@ guess_service_principal(
 		return ld->ld_errno;
 	}
 
-	ret = snprintf( svc_principal, svc_principal_size - 1, principal_fmt, str);
-	if (ret < 0 || (size_t)ret + 1 >= svc_principal_size) {
+	ret = snprintf( svc_principal, svc_principal_size, principal_fmt, str );
+	if (ret < 0 || (size_t)ret >= svc_principal_size) {
 		ld->ld_errno = LDAP_LOCAL_ERROR;
 		return ld->ld_errno;
 	}
@@ -567,7 +567,7 @@ guess_service_principal(
 	       host, svc_principal, 0 );
 
 	input_name.value  = svc_principal;
-	input_name.length = strlen( svc_principal );
+	input_name.length = (size_t)ret;
 
 	gss_rc = gss_import_name( &minor_status, &input_name, &nt_principal, principal );
 	ldap_memfree( svc_principal );
-- 
2.39.5