[2711] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-libs/409: Testing of the Application Version String in recvauth.c

daemon@ATHENA.MIT.EDU (deengert@anl.gov)
Mon Mar 31 16:04:09 1997

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, deengert@anl.gov
Date: Mon, 31 Mar 1997 14:53:54 -0600
From: deengert@anl.gov
Reply-To: deengert@anl.gov
To: krb5-bugs@MIT.EDU


>Number:         409
>Category:       krb5-libs
>Synopsis:       Testing of the Application Version String in recvauth.c
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Mon Mar 31 15:56:01 EST 1997
>Last-Modified:
>Originator:     
>Organization:
 
 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
>Release:        1.0
>Environment:
	
System: AIX pembroke 1 4 000300234600


>Description:
 recvauth.c is passed a appl_version string which it tests against
 the appl_version string as provided by sendauth.c. Unlike
 the K4 implementation where this string is passed back
 to the application, K5 insists that they match. This causes problem
 when two different implementations of the client use different
 appl_version strings.

	
>How-To-Repeat:
	
>Fix:
  The following suggested fix allows the applications to pass
  a null pointer for the appl_version to indicate that
  it does not care what the string is.
  All current applications will continue to function, as it
  was not valid to pass a null pointer, and this will give control
  back to the application writer, as to weither or not to check
  the appl_version.

  
*** ,recvauth.c Thu Nov 21 13:00:06 1996
--- recvauth.c  Fri Mar 28 08:24:43 1997
***************
*** 87,93 ****
         */
        if ((retval = krb5_read_message(context, fd, &inbuf)))
                return(retval);
!       if (strcmp(inbuf.data, appl_version)) {
                krb5_xfree(inbuf.data);
                if (!problem)
                        problem = KRB5_SENDAUTH_BADAPPLVERS;
--- 87,93 ----
         */
        if ((retval = krb5_read_message(context, fd, &inbuf)))
                return(retval);
!       if (appl_version && strcmp(inbuf.data, appl_version)) {
                krb5_xfree(inbuf.data);
                if (!problem)
                        problem = KRB5_SENDAUTH_BADAPPLVERS;

	
>Audit-Trail:
>Unformatted:

home help back first fref pref prev next nref lref last post