[1257] in Kerberos-V5-bugs
krb5b4pl3: appl/popper/pop_init.c: should check peer address
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Thu Mar 23 16:01:55 1995
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Date: Thu, 23 Mar 1995 16:04:52 -0500
To: krb5-bugs@MIT.EDU
The recvauth call that the popper does should verify that it's coming
from the address it's supposed to be coming from.
Patch:
--- pop_init.c 1995/03/23 20:53:57 1.1
+++ pop_init.c 1995/03/23 20:55:21
@@ -290,6 +290,7 @@
krb5_error_code retval;
krb5_principal server;
int sock = 0;
+ krb5_address cli_addr;
krb5_init_ets();
@@ -303,10 +304,14 @@
exit(-1);
}
+ cli_addr.addrtype = addr->sin_family;
+ cli_addr.length = sizeof(addr->sin_addr);
+ cli_addr.contents = (krb5_octet *) &addr->sin_addr;
+
if (retval = krb5_recvauth((krb5_pointer)&sock,
"KPOPV1.0",
server,
- 0, /* ignore peer address */
+ &cli_addr,
0, 0, 0, /* no fetchfrom, keyproc or arg */
0, /* default rc type */
0, /* no flags */
