[2784] in Kerberos-V5-bugs


Re: krb5-libs/467: AFS string_to_key bounds problems...

daemon@ATHENA.MIT.EDU (Doug Engert)
Sat Aug 30 21:20:33 1997

Date: Sat, 30 Aug 1997 20:22:58 -0500
From: Doug Engert <deengert@anl.gov>
Reply-To: deengert@anl.gov
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: Ezra Peisach <epeisach@MIT.EDU>, krb5-bugs@MIT.EDU,
        krb5-unassigned@rt-11.MIT.EDU, gnats-admin@rt-11.MIT.EDU,
        krb5-prs@rt-11.MIT.EDU

Theodore Y. Ts'o wrote:
> 
> It's called, "we overloaded the length field and we're now paying the
> price for it".  Blech.
> 
> Yeah, I think you're right; malloc'ing length+1 and null-terminating the
> realm data is the best way to go.
> 
>                                                 - Ted

Here is another approach we have been using, by preceding the salt with
AFS:
This works with the DCE security server, since you can store the
salt to use, which can include the AFS: followed by the AFS cell name.
Note that the AFS cell name does not have to match the K5 realm.

The same approach might not work with the K5 database.

But in any case note the creation of the null terminated string before
calling the mit_afs_string_to_key to avoid the problem. 


Hope this helps. 


*** ,string2key.c       Tue Apr  9 17:47:24
1996                                
--- string2key.c        Tue Apr 29 17:26:35
1997                                
***************                                                                 
*** 78,83
****                                                                  
--- 78,104
----                                                                 
      key =
keyblock->contents;                                                 
                                                                                
      if (salt)
{                                                               
+       /* ANL Change
*/                                                        
+       /* we can store AFS keys in DCE, and set the salt such
that             
+        * it is preceeded by
AFS:                                              
+        * If so, pass the rest of the salt to the
afs_string_to_key            
+        * But it is cheating, and expecting the salt.data to be
a              
+        * null terminated string. This may not be the case from
DCE.           
+       
*/                                                                     
+       if ((salt->length >= 4) && !memcmp(salt->data,"AFS:",4))
{              
+         krb5_data
afssalt;                                                    
+         krb5_error_code
ret;                                                  
+         afssalt.length = salt->length -
4;                                    
+         afssalt.data =
(char*)malloc(afssalt.length+1);                       
+         if
(!afssalt.data)                                                    
+            
return(ENOMEM);                                                   
+         memcpy(afssalt.data,salt->data +
4,afssalt.length);                   
+         afssalt.data[afssalt.length] = '\0'; /* make it a string
*/           
+         ret = mit_afs_string_to_key (eblock, keyblock, data,
&afssalt);       
+        
free(afssalt.data);                                                   
+        
return(ret);                                                          
+       }
else                                                                  
+         /* end of ANL change
*/                                               
        if (salt->length == -1)
{                                               
        /* cheat and do AFS string2key instead
*/                               
        return mit_afs_string_to_key (eblock, keyblock, data,
salt);            
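Review bot: the new `(salt->length >= 4) && !memcmp(salt->data,"AFS:",4)` guard is evaluated before the pre-existing `if (salt->length == -1)` sentinel test; krb5_data.length is unsigned, so a sentinel value of -1 also satisfies `>= 4`, and memcmp() will read four bytes of salt->data even when the sentinel means data is a NUL-terminated realm name that may be shorter than that, which is the same overloaded-length hazard this PR reports. Suggest checking the `== -1` case first (or excluding it in the new condition) so the prefix comparison only runs on salts that carry a real byte count. The in-hunk comment "expecting the salt.data to be a null terminated string" is also stale now that the code copies `afssalt.length` bytes and terminates the copy itself, so it could be dropped or reworded to describe the bounded copy.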

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
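The "AFS:" salt-prefix idea from the message above, written out as an added example that is not code from the list or from the patch: a hypothetical helper that tests the overloaded -1 length sentinel before looking for the prefix, and only then makes the bounded, NUL-terminated copy the thread recommends. The `salt_data` struct is a constructed stand-in for krb5_data (its length field is unsigned, as in the real type).

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for krb5_data: length is unsigned, and the value
 * -1 (stored as UINT_MAX) is the overloaded sentinel meaning "data is a
 * NUL-terminated realm name rather than a counted byte buffer". */
typedef struct {
    unsigned int length;
    char *data;
} salt_data;

#define SALT_LENGTH_REALM_SENTINEL ((unsigned int)-1)

/* Hypothetical helper: if the salt begins with "AFS:", copy the remainder
 * (the AFS cell name) into a freshly malloc'd NUL-terminated string and
 * return 1. Return 0 when the salt is not AFS:-prefixed (cell is set to
 * NULL), or -1 if malloc fails. The sentinel is tested first so a realm
 * string is never scanned as though it carried a byte count. */
int afs_cell_from_salt(const salt_data *salt, char **cell)
{
    *cell = NULL;
    if (salt->length == SALT_LENGTH_REALM_SENTINEL)
        return 0;                          /* realm-name form: not ours */
    if (salt->length < 4 || memcmp(salt->data, "AFS:", 4) != 0)
        return 0;                          /* ordinary salt, no prefix */

    size_t n = salt->length - 4;           /* bytes of cell name */
    *cell = malloc(n + 1);                 /* +1 for the terminator */
    if (*cell == NULL)
        return -1;
    memcpy(*cell, salt->data + 4, n);      /* bounded by declared length */
    (*cell)[n] = '\0';                     /* now safe to use as a string */
    return 1;
}
```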
