[260] in Kerberos-V5-bugs
[notuser@osf.org: OT dce CR 6293 created: kdc may dereference null pointer]
daemon@ATHENA.MIT.EDU (Joe Pato)
Wed Dec 2 16:19:07 1992
From: pato@APOLLO.HP.COM (Joe Pato)
Date: Wed, 2 Dec 92 16:25:29 EST
To: krb5-bugs@MIT.EDU
Ted,
I've just filed the following DCE bug report and verified that your beta 2
code is also subject to the same problem. Your line numbers are different, but
should be close to the same.
- joe
**** Forwarded Message Follows ****
Received: from postman.osf.org by amway.ch.apollo.hp.com id <AA02519@amway.ch.apollo.hp.com> Wed, 2 Dec 92 16:07:27 EST
Received: from [130.105.101.2] by postman.osf.org (5.64+/OSF 1.0)
id AA06037; Wed, 2 Dec 92 16:07:25 -0500
Received: by snoopy (5.57/4.7) id AA00238; Wed, 2 Dec 92 16:05:22 -0500
Date: wed, 2 dec 92 16:05:22
From: notuser@osf.org
To: bradcj@osf.org, dce-ot-sec@osf.org, pato@apollo.hp.com,
sommerfeld@apollo.hp.com
Subject: OT dce CR 6293 created: kdc may dereference null pointer
new CR
CR Number (idnum): 6293
Defect or Enhancement? (def,enh): def
CR in Code, Doc, or Test? (code,doc,test): code
Inter-dependent CRs [num]+:
Project Name (dce): dce
H/W Ref Platform (rs6000,pmax,mx300,other,all)+: all
S/W Ref Platform (osf1,aix,sinix,other,all)+: all
Component Name (bld,cds,dce,dfs,dskl,dts,gds,rpc,sec,thr): sec
Subcomponent Name [text]: kdc
Short Description (text): kdc may dereference null pointer
Reported by [mailname]: pato
Interest List CC [mailname]+:
Reported by Company (dec,hp,ibm,osf,sni,tarc,other): hp
Reported Date [mm/dd/yy]: 12/2/92
Found in Baseline (baseline)+: 1.0
Found Date [mm/dd/yy]: 12/2/92
Severity (A,B,C,D,E): B
Priority (0,1,2,3,4): 1
Status (open,dup,defer,fix,cancel,verified,closed): open
Duplicate Of [num]:
Fix By Baseline [baseline]+: 1.0.2
Fixed In Baseline [baseline]+:
Affected File(s) [text]:
Responsible Engr. [mailname]+: sommerfeld
Resp. Engr's Company [dec,hp,ibm,osf,sni,tarc,other]+: hp
Sensitivity (public,private): public
How was this defect found? (review,test,handson,other): review
Customer Support Ticket Number [num]+:
Reported by Company's Ref. Number [text]:
# ---------------------------------------------------------------
# Please enter the full description of your defect or enhancement
# below under the "note" header. Please add your own new note
# header when adding a new note.
[pato 12/2/92 public]
In krb5/kdc/kdc_util.c ~line 394

        }
        our_cksum.checksum_type = authdat->authenticator->checksum->checksum_type;
        if (!valid_cksumtype(our_cksum.checksum_type)) {
            krb5_free_ap_req(apreq);
            return KRB5KDC_ERR_SUMTYPE_NOSUPP;
        }

Should be:

        }
        if (authdat->authenticator->checksum == NULL) {
            krb5_free_ap_req(apreq);
            return KRB5KDC_ERR_SUMTYPE_NOSUPP;
        }
        our_cksum.checksum_type = authdat->authenticator->checksum->checksum_type;
        if (!valid_cksumtype(our_cksum.checksum_type)) {
            krb5_free_ap_req(apreq);
            return KRB5KDC_ERR_SUMTYPE_NOSUPP;
        }

The checksum field is optional in the ASN.1 definition, so may
be missing. (I think that a missing checksum field qualifies
as an unsupported type!)
**** End of Forwarded Message ****
-------
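
The following is an added example, not part of the original message and not krb5 or DCE code: a C sketch of how an optional field omitted by the sender decodes to a null pointer, and of the guard the report proposes before that pointer is read. The structures, the toy wire format, the `demo_` names and the error values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the report's structures (assumed, not the real krb5 types). */
typedef struct { int checksum_type; } cksum_t;
typedef struct { cksum_t *checksum; } authenticator_t; /* NULL = field absent */

#define DEMO_OK                 0
#define DEMO_ERR_MALFORMED      1   /* constructed value */
#define DEMO_ERR_SUMTYPE_NOSUPP 15  /* stands in for KRB5KDC_ERR_SUMTYPE_NOSUPP */

/* Constructed toy wire format (not ASN.1 DER): [present flag][checksum type]. */
int demo_decode(const unsigned char *buf, size_t len,
                authenticator_t *out, cksum_t *storage)
{
    out->checksum = NULL;
    if (len < 1) return DEMO_ERR_MALFORMED;
    if (buf[0] == 0) return DEMO_OK;       /* sender omitted the optional field */
    if (len < 2) return DEMO_ERR_MALFORMED;
    storage->checksum_type = buf[1];
    out->checksum = storage;
    return DEMO_OK;
}

/* Hypothetical allow-list standing in for valid_cksumtype(). */
static int demo_valid_cksumtype(int t) { return t >= 1 && t <= 8; }

/* The report's guard: test the optional pointer before reading through it. */
int demo_check_cksum(const authenticator_t *a)
{
    if (a->checksum == NULL)               /* absent is treated as unsupported */
        return DEMO_ERR_SUMTYPE_NOSUPP;
    if (!demo_valid_cksumtype(a->checksum->checksum_type))
        return DEMO_ERR_SUMTYPE_NOSUPP;
    return DEMO_OK;
}

/* Decode one request body, then validate its checksum type. */
int demo_handle(const unsigned char *buf, size_t len)
{
    authenticator_t a;
    cksum_t storage;
    int rc = demo_decode(buf, len, &a, &storage);
    return rc != DEMO_OK ? rc : demo_check_cksum(&a);
}

int main(void)
{
    const unsigned char absent[] = { 0 }, ok[] = { 1, 7 }, bad[] = { 1, 99 };
    printf("absent=%d ok=%d bad=%d\n", demo_handle(absent, sizeof absent),
           demo_handle(ok, sizeof ok), demo_handle(bad, sizeof bad));
    return 0;
}
```

Without the first test in `demo_check_cksum`, the `absent` input would reach `a->checksum->checksum_type` with a null pointer, which is the condition the report describes.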