From 6ba6ff39c052b4a46d6bfb7baa06ba423bd292ee Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 29 Aug 2011 06:33:25 +0000
Subject: [PATCH] check the results of dns_name_toprincipal calls, only use
 gnamebuf.value when valid

---
 lib/dns/gssapictx.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index cf8fba03e7..9702dc5c5c 100644
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gssapictx.c,v 1.28 2011/04/07 23:03:22 marka Exp $ */
+/* $Id: gssapictx.c,v 1.29 2011/08/29 06:33:25 marka Exp $ */
 
 #include <config.h>
 
@@ -135,6 +135,7 @@ name_to_gbuffer(dns_name_t *name, isc_buffer_t *buffer,
 	}
 
 	result = dns_name_toprincipal(namep, buffer);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
 	isc_buffer_putuint8(buffer, 0);
 	isc_buffer_usedregion(buffer, &r);
 	REGION_TO_GBUFFER(r, *gbuffer);
@@ -309,7 +310,7 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
 	if (gret != GSS_S_COMPLETE) {
 		gss_log(3, "failed to acquire %s credentials for %s: %s",
 			initiate ? "initiate" : "accept",
-			(char *)gnamebuf.value,
+			(gname != NULL) ? (char *)gnamebuf.value : "?",
 			gss_error_tostring(gret, minor, buf, sizeof(buf)));
 		check_config((char *)array);
 		return (ISC_R_FAILURE);
@@ -317,12 +318,14 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
 
 	gss_log(4, "acquired %s credentials for %s",
 		initiate ? "initiate" : "accept",
-		(char *)gnamebuf.value);
+		(gname != NULL) ? (char *)gnamebuf.value : "?");
 
 	log_cred(*cred);
 
 	return (ISC_R_SUCCESS);
 #else
+	REQUIRE(cred != NULL && *cred == NULL);
+
 	UNUSED(name);
 	UNUSED(initiate);
 	UNUSED(cred);
@@ -342,13 +345,15 @@ dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name,
 	char *sname;
 	char *rname;
 	isc_buffer_t buffer;
+	isc_result_t result;
 
 	/*
 	 * It is far, far easier to write the names we are looking at into
 	 * a string, and do string operations on them.
 	 */
 	isc_buffer_init(&buffer, sbuf, sizeof(sbuf));
-	dns_name_toprincipal(signer, &buffer);
+	result = dns_name_toprincipal(signer, &buffer);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
 	isc_buffer_putuint8(&buffer, 0);
 	if (name != NULL)
 		dns_name_format(name, nbuf, sizeof(nbuf));
@@ -414,13 +419,15 @@ dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name,
 	char *nname;
 	char *rname;
 	isc_buffer_t buffer;
+	isc_result_t result;
 
 	/*
 	 * It is far, far easier to write the names we are looking at into
 	 * a string, and do string operations on them.
 	 */
 	isc_buffer_init(&buffer, sbuf, sizeof(sbuf));
-	dns_name_toprincipal(signer, &buffer);
+	result = dns_name_toprincipal(signer, &buffer);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
 	isc_buffer_putuint8(&buffer, 0);
 	if (name != NULL)
 		dns_name_format(name, nbuf, sizeof(nbuf));
@@ -664,8 +671,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred,
 			gss_log(3, "failed "
 				"gsskrb5_register_acceptor_identity(%s): %s",
 				gssapi_keytab,
-				gss_error_tostring(gret, minor,
-						   buf, sizeof(buf)));
+				gss_error_tostring(gret, 0, buf, sizeof(buf)));
 			return (DNS_R_INVALIDTKEY);
 		}
 #else