[30481] in Kerberos
kg_ctx_internalize() function in MIT 1.6.3
daemon@ATHENA.MIT.EDU (Sachin Punadikar)
Mon Dec 1 05:05:07 2008
Message-ID: <9549b1d80812010203k55e379derd0ebe4de35e31202@mail.gmail.com>
Date: Mon, 1 Dec 2008 15:33:57 +0530
From: "Sachin Punadikar" <punadikar.sachin@gmail.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I was going through the gssapi MIT krb1.6.3 code and I feel there is a
possible bug in kg_ctx_internalize() function defined in
src/lib/gssapi/krb5/ser_sctx.c file.
As I understand the function should unpack entities in the same order in
which they were packed by kg_ctx_externalize() function. But it misses the
order while unpacking the last two structure variables as shown below. Since
acceptor_subkey_cksumtype was packed before cred_rcache and also occurs
before in the _krb5_gss_cred_id_rec structure definition,
acceptor_subkey_cksumtype should be unpacked BEFORE cred_rcache, else the
values will get swapped.
Current Code in kg_ctx_internalize() function:
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->cred_rcache = ibuf;
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->acceptor_subkey_cksumtype = ibuf;
Proposed Code in kg_ctx_internalize() function with change in sequence
while unpacking:
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->acceptor_subkey_cksumtype = ibuf;
if (!kret)
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->cred_rcache = ibuf;
Kindly let me know if this is valid.
- Sachin
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
