[2953] in Kerberos-V5-bugs

krb5-appl/620: rcp krb4 support

daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Thu Aug 6 17:38:19 1998

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ghudson@MIT.EDU
Date: Thu, 6 Aug 1998 17:27:45 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU


>Number:         620
>Category:       krb5-appl
>Synopsis:       rcp outgoing encrypted krb4 data is broken
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Thu Aug 06 17:28:00 EDT 1998
>Last-Modified:
>Originator:     Greg Hudson
>Organization:
MIT
>Release:        1.0pl1
>Environment:
	
System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-1
Architecture: sun4

>Description:
v4_des_write() in kcmd.c does the wrong thing when right_justify is off;
it uses garbage_buf without putting the actual data in it.
>How-To-Repeat:
rcp -x to a host with only a krb4 daemon.
>Fix:
Index: kcmd.c
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/kcmd.c,v
retrieving revision 1.2
diff -c -r1.2 kcmd.c
*** kcmd.c	1997/10/19 03:44:23	1.2
--- kcmd.c	1998/08/06 21:09:53
***************
*** 1015,1020 ****
--- 1015,1023 ----
  		krb5_random_confounder(8 - len, garbage_buf);
  		/* this "right-justifies" the data in the buffer */
  		(void) memcpy(garbage_buf + 8 - len, buf, len);
+ 	} else {
+ 		krb5_random_confounder(8 - len, garbage_buf + len);
+ 		(void) memcpy(garbage_buf, buf, len);
  	}
  	(void) pcbc_encrypt((len < 8) ? garbage_buf : buf,
  			    des_outpkt+4,
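Review bot: the new else branch (the three added lines) is only safe when len < 8, and the hunk does not show that guard; the only len < 8 test visible here is in the pcbc_encrypt argument below it. If the enclosing condition is just the right_justify check, then for len >= 8 the confounder length 8 - len is zero or negative and memcpy(garbage_buf, buf, len) copies more than the 8 bytes that the 8 - len arithmetic implies garbage_buf holds. Please confirm that both branches sit inside a len < 8 test, or add one. A short comment on the else branch, matching the "right-justifies" comment above it, would also help: data first, confounder in the trailing 8 - len bytes.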
>Audit-Trail:
>Unformatted: