[28285] in CVS-changelog-for-Kerberos-V5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

krb5 commit: Fix GSS krb5 initial sequence number gap handling

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Mar 18 12:23:45 2014

Date: Tue, 18 Mar 2014 12:23:38 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201403181623.s2IGNcXZ023493@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/13a9cb721194c8aa4ccf6ed6ef23e3ac8dd24037
commit 13a9cb721194c8aa4ccf6ed6ef23e3ac8dd24037
Author: Tomas Kuthan <tkuthan@gmail.com>
Date:   Thu Mar 6 13:05:24 2014 +0100

    Fix GSS krb5 initial sequence number gap handling
    
    Since #2040, the dummy queue element inserted by g_order_init no
    longer compares less than the initial sequence number, so we fail when
    the first few sequence numbers are received out of order.  Properly
    detect when a sequence number fits between the dummy element and the
    first real queue element.
    
    [ghudson@mit.edu: rewrote commit message]
    
    ticket: 7872
    target_version: 1.12.2
    tags: pullup

 src/lib/gssapi/generic/util_ordering.c |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index 9a1ce89..22c6be2 100644
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -195,6 +195,21 @@ g_order_check(void **vqueue, uint64_t seqnum)
                     return(GSS_S_UNSEQ_TOKEN);
             }
         }
+        /*
+         * Exception: if first token arrived out-of-order.
+         * In that case first two elements in queue are 0xFFFFFFFF and some k,
+         * where k > seqnum. We need to insert seqnum before k.
+         * We check this after the for-loop, because this should be rare.
+         */
+        if ((QELEM(q, q->start) == (((uint64_t)0 - 1) & q->mask)) &&
+            ((QELEM(q, q->start + 1) > seqnum))) {
+                queue_insert(q, q->start, seqnum);
+                if (q->do_replay && !q->do_sequence)
+                    return(GSS_S_COMPLETE);
+                else
+                    return(GSS_S_UNSEQ_TOKEN);
+
+        }
     }
 
     /* this should never happen */
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28285] in CVS-changelog-for-Kerberos-V5

krb5 commit: Fix GSS krb5 initial sequence number gap handling

daemon@ATHENA.MIT.EDU (Greg Hudson)Tue Mar 18 12:23:45 2014

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Mar 18 12:23:45 2014