[2566] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-clients/284: v4rcp.c has serious problems

daemon@ATHENA.MIT.EDU (tytso@MIT.EDU)
Fri Dec 6 01:04:28 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, tytso@MIT.EDU
Date: Fri, 6 Dec 1996 01:03:18 -0500
From: tytso@MIT.EDU
Reply-To: tytso@MIT.EDU
To: krb5-bugs@MIT.EDU

	Note: There was a bad value `sw-bugs' for the field `>Class:'.
	It was set to the default value of `sw-bug'.


>Number:         284
>Category:       krb5-clients
>Synopsis:       v4rcp.c has serious problems with correctness
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Dec 06 01:04:00 EST 1996
>Last-Modified:
>Originator:     Theodore Y. Ts'o
>Organization:
mit
>Release:        1.0-development
>Environment:
	
System: SunOS dcl 5.4 Generic_101945-37 sun4m sparc


>Description:

v4rcp.c is a really problematic piece of code.

1)  sys_errlist is being blindly defined for all platforms except
	NetBSD.  Because it's a platform-specific test, FreeBSD fails here as
	well.  For now (in the 1.0 release), we will "fix" this by adding
	FreeBSD to the platform test.  Eventually we should elimiate the use
	of sys_errlist altogether.

2) sys_errlist is being used all over without first testing to see if
	errno is list than sys_nerr.  This is inherently dangerous.  
	Eventually we should just not use sys_errlist, and use 
	error_message() instead.  Let com_err take care of the problem.

3)  The return value from krb_recvauth is handled by using krb_krb_err_text()
	This is a problem, since 50% of the errors from krb_recvauth are 
	krb_get_err_text errors, and the other half are errno returns.
	Too bad those two error spaces overlap....

>How-To-Repeat:
	
>Fix:
	
>Audit-Trail:
>Unformatted:

home help back first fref pref prev next nref lref last post