[252] in Kerberos-V5-bugs
[Prasad Upasani: Bug in admin code of beta release]
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Nov 13 20:09:26 1992
Date: Fri, 13 Nov 92 20:09:13 EST
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: krb5-bugs@Athena.MIT.EDU
------- Forwarded Message
Date: Thu, 12 Nov 92 23:23:56 PST
From: Prasad Upasani <prasad@isi.edu>
To: tytso@Athena.MIT.EDU
Cc: bcn@isi.edu, prasad@isi.edu
Reply-To: prasad@isi.edu
Organization: USC Information Sciences Institute.
Address: 4676 Admiralty Way, Marina del Rey, CA 90292-6695
Phone: (310) 822-1511, ext. 170.
Subject: Bug in admin code of beta release

Yesterday I discovered two bugs in the kadmin code, one in the server
and one in the client. The bug in the server is much more serious
since it causes a core dump at the server whenever a new principal is
added to the database. The bug in the client causes the final
character of the principal name to be overwritten whenever a command
of the type "add <principal>" is given.

These bugs were *not* in the code I sent out to you. They seem to have
been introduced during integration. I apologize for not having noticed
them earlier.

I have corrected these bugs, and I include below the diffs with the
original beta-release files. The two files are kadmin/server/adm_funcs.c and
kadmin/client/kadmin_add.c

Thanks.

-Prasad

*** kadmin/server/adm_funcs.c Thu Nov 12 00:11:31 1992
--- kadmin/server/adm_funcs.c.orig Tue Sep 29 11:49:29 1992
***************
*** 193,199 ****
}
if (!req_type) { /* New entry - initialize */
! memset((char *)entry, 0, sizeof(*entry));
entry->principal = (krb5_principal) principal;
entry->kvno = KDB5_VERSION_NUM;
entry->max_life = KDB5_MAX_TKT_LIFE;
--- 193,199 ----
}
if (!req_type) { /* New entry - initialize */
! memset((char *) &entry, 0, sizeof(entry));
entry->principal = (krb5_principal) principal;
entry->kvno = KDB5_VERSION_NUM;
entry->max_life = KDB5_MAX_TKT_LIFE;
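
Review bot: the file order in this context diff is reversed. The `***` side is the corrected adm_funcs.c and the `---` side is adm_funcs.c.orig, so applied as posted it would turn `memset((char *)entry, 0, sizeof(*entry));` back into `memset((char *) &entry, 0, sizeof(entry));`. That second form zeroes the pointer variable rather than the structure it points to, so the following `entry->principal = (krb5_principal) principal;` writes through a zeroed pointer, which matches the core dump described in the message. Apply with patch -R, or regenerate the diff with the .orig file first. It is also worth confirming in the surrounding code, which this hunk does not show, that `entry` already points at valid storage before this branch is reached.
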
*** kadmin/client/kadmin_add.c Wed Nov 11 17:35:05 1992
--- kadmin/client/kadmin_add.c.orig Tue Sep 29 11:49:29 1992
***************
*** 84,97 ****
fprintf(stderr, "Invalid Principal name!\n");
count++;
} while (username[0] == '\n' && count < 3);
! if (username[0] == '\n') {
! fprintf(stderr, "Aborting!!\n\n");
! return(1);
! }
!
! username[strlen(username) -1] = '\0';
}
(void) memcpy( inbuf.data + 3, username, strlen(username));
inbuf.length = strlen(username) + 3;
--- 84,97 ----
fprintf(stderr, "Invalid Principal name!\n");
count++;
} while (username[0] == '\n' && count < 3);
+ }
! if (username[0] == '\n') {
! fprintf(stderr, "Aborting!!\n\n");
! return(1);
}
+
+ username[strlen(username) -1] = '\0';
(void) memcpy( inbuf.data + 3, username, strlen(username));
inbuf.length = strlen(username) + 3;
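
Review bot: `username[strlen(username) -1] = '\0';` on the corrected (`***`) side still strips the last character unconditionally. Moving it inside the prompt block stops it from clipping a name given on the command line, but it will still drop a real character if the line that was read did not end in a newline, and it indexes before the start of the buffer if the string is empty. Check that the length is non-zero and that the last character is `'\n'` before overwriting it. Separately, `memcpy( inbuf.data + 3, username, strlen(username));` has no length check visible in this hunk, so confirm that the buffer behind `inbuf.data` can hold strlen(username) + 3 bytes. As with the first hunk, the file order is reversed (corrected file first, .orig second), so this needs patch -R to apply in the intended direction.
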
------- End Forwarded Message