mikbec@web.de writes:

When GSSAPI option GSSAPI_ALLOW_REMOTE_PRINCIPAL is switched on then string provided by "givenstr" will be used as principal name. But length of string counted in "svc_principal_size" is one letter to less.

svc_principal_size looks correct in that case, but the snprintf is wrong. I can't test, but it should work to pass svc_principal_size instead of svc_principal_size-1. Except snprintf seems pointless here, since we already make sure to allocate enough memory to avoid overflow.

I'll take the opportunity to get rid of a gcc -Wformat warning - it can't verify the format argument since that is not a string literal.

Like this. What's a good name for my new "prefix" variable below? I don't know Kerberos/GSSAPI terminology.

const char *prefix; ... if (allow_remote && givenstr) { prefix = ""; str = givenstr; } else { prefix = "ldap/"; str = (allow_remote && dnsHostName) ? dnsHostName : host; }

svc_principal = (char*) ldap_memalloc(strlen(prefix) + strlen(str) + 1); if ( svc_principal == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; return ld->ld_errno; } sprintf( svc_principal, "%s%s", prefix, str);