[23776] in Kerberos
Re: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2 (fwd)
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue Apr 26 16:37:15 2005
In-Reply-To: <6.0.1.1.2.20050426111426.033677d0@cic-mail.lanl.gov>
Message-Id: <7768dc62668092bd09f0fb17051b44bc@mit.edu>
From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 26 Apr 2005 16:36:26 -0400
To: Milton Turley <mturley@lanl.gov>
cc: kerberos@mit.edu
On Apr 26, 2005, at 13:40, Milton Turley wrote:
> I have done some research on this problem. The host resolve code does
> not complete successfully. I have traced the error to the routine at
> /kerberos/mit/krb5-1.4/src/lib/krb5/os/dnsglue.c. In the routine a
> call is made to res_ninit to provide dns information for the kdc.
> res_ninit updates the structure at statbuf but overlays memory 72
> bytes past the structure boundary.
If we change statbuf to something like:

    struct { struct __res_state s; char pad[72]; } statbuf;

or perhaps:

    struct { struct __res_state s; char pad[72]; } statbuf1;
    #define statbuf (statbuf1.s)

does it work then?
Do the AIX 5.2 headers declare res_ninit and indicate what type should
be used for the first argument?
> I have opened a problem with IBM on res_ninit. The problem is not yet
> resolved but IBM suggested using a malloc for the structure instead of
> static storage. I am trying to get IBM to correct the error in
> res_ninit. No resolution yet.
Well, technically, we're using automatic storage, not static, but it
seems to me that the problem is not knowing the size and/or type to
allocate, not stack vs heap allocation. (Though heap allocation would
change the failure mode caused by an overrun, it wouldn't by itself get
rid of the overrun.)
Ken
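
Added example, not part of the original message and not MIT Kerberos code: a guard-padded buffer in the shape of the padded statbuf above, used to measure how far an initializer writes past the declared structure, on the stack and on the heap. It does not call res_ninit; struct hdr_state, init_mismatched and init_matching are hypothetical stand-ins for the header's type and for a library built against a larger or an equal layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the resolver state type as the caller's headers declare it. */
struct hdr_state { int options; char data[56]; };
enum { PAD = 128, FILL = 0xA5 };
/* Same shape as the padded statbuf proposed above, with a larger pad. */
struct guarded { struct hdr_state s; unsigned char pad[PAD]; };
typedef int (*init_fn)(void *statp);

/* Hypothetical initializer built against a layout 72 bytes larger than the header's. */
static int init_mismatched(void *statp) {
    memset(statp, 0, sizeof(struct hdr_state) + 72);
    return 0;
}

/* Hypothetical initializer that agrees with the header. */
static int init_matching(void *statp) {
    memset(statp, 0, sizeof(struct hdr_state));
    return 0;
}

/* Count pad bytes changed by init: 0 means no overrun seen, PAD means the
   overrun may extend past the guard. A write of FILL itself goes unnoticed. */
static size_t measure(struct guarded *g, init_fn init) {
    size_t n = PAD;
    memset(g, FILL, sizeof *g);
    init(g);                       /* &g->s is the same address as g */
    while (n > 0 && g->pad[n - 1] == FILL)
        n--;
    return n;
}

static size_t overrun_on_stack(init_fn init) {
    struct guarded g;              /* automatic storage, as in the code discussed */
    return measure(&g, init);
}

static size_t overrun_on_heap(init_fn init) {
    struct guarded *g = malloc(sizeof *g);
    size_t n = g ? measure(g, init) : (size_t)-1;
    free(g);
    return n;
}

int main(void) {
    printf("stack: %zu, heap: %zu bytes past the struct\n", overrun_on_stack(init_mismatched), overrun_on_heap(init_mismatched));
    return 0;
}
```

The count is the same for both storage classes: moving the buffer to the heap changes what the stray bytes land on, not how many are written.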