1 --- lib/krb5/recvauth.c.orig 2022-09-15 16:54:19.000000000 -0700 2 +++ lib/krb5/recvauth.c 2022-11-21 14:37:31.130429000 -0800 3 @@ -98,7 +98,7 @@ 4 const char *version = KRB5_SENDAUTH_VERSION; 5 char her_version[sizeof(KRB5_SENDAUTH_VERSION)]; 6 char *her_appl_version; 7 - uint32_t len; 8 + uint32_t len, bytes; 9 u_char repl; 10 krb5_data data; 11 krb5_flags ap_options; 12 @@ -166,15 +166,21 @@ 13 krb5_net_write (context, p_fd, &repl, 1); 14 return krb5_enomem(context); 15 } 16 - if (krb5_net_read (context, p_fd, her_appl_version, len) != len 17 - || !(*match_appl_version)(match_data, her_appl_version)) { 18 - repl = 2; 19 - krb5_net_write (context, p_fd, &repl, 1); 20 - krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, 21 - N_("wrong sendauth application version (%s)", ""), 22 - her_appl_version); 23 - free (her_appl_version); 24 - return KRB5_SENDAUTH_BADAPPLVERS; 25 + if ((bytes = krb5_net_read (context, p_fd, her_appl_version, len))) { 26 + /* PR/267884: String read must always conatain a terminating NUL */ 27 + if (strnlen(her_appl_version, len) == len) 28 + her_appl_version[len-1] = '\0'; 29 + 30 + if (bytes != len || 31 + !(*match_appl_version)(match_data, her_appl_version)) { 32 + repl = 2; 33 + krb5_net_write (context, p_fd, &repl, 1); 34 + krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, 35 + N_("wrong sendauth application version (%s)", ""), 36 + her_appl_version); 37 + free (her_appl_version); 38 + return KRB5_SENDAUTH_BADAPPLVERS; 39 + } 40 } 41 free (her_appl_version); 42 43