[3033] in Kerberos-V5-bugs

krb5-appl/684: infinite error loop in ftpd

daemon@ATHENA.MIT.EDU (fcusack@iconnet.net)
Fri Jan 22 18:42:09 1999

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Date: Fri, 22 Jan 1999 18:42:52 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net


>Number:         684
>Category:       krb5-appl
>Synopsis:       There is a possible infinite loop when ftpd sends replies
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jan 22 18:42:00 EST 1999
>Last-Modified:
>Originator:     Frank Cusack
>Organization:
Qwest Comm.
>Release:        krb5-current-19981012
>Environment:
Unix
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
	If certain errors occur during reply(), it calls itself again,
	which will probably generate the same errors, calling itself
	again, ...

	This patch is against -current from 10/12/1998; if the gssapi
	or ftpd has changed since then they probably won't apply cleanly.
>How-To-Repeat:
>Fix:
Index: ftpd.c
===================================================================
RCS file: /icon/d04/src/3rd-party/krb5-19981012/src/appl/gssftp/ftpd/ftpd.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ftpd.c
--- ftpd.c	1998/10/14 00:47:31	1.1.1.1
+++ ftpd.c	1999/01/22 23:38:00
@@ -1619,13 +1619,19 @@
 					    &in_buf, &conf_state,
 					    &out_buf);
 			if (maj_stat != GSS_S_COMPLETE) {
+#if 0
+/* Don't setup an infinite loop */
 				/* generally need to deal */
 				secure_gss_error(maj_stat, min_stat,
 					       (clevel==PROT_P)?
 						 "gss_seal ENC didn't complete":
 						 "gss_seal MIC didn't complete");
+#endif /* 0 */
 			} else if ((clevel == PROT_P) && !conf_state) {
+#if 0
+/* Don't setup an infinite loop */
 				secure_error("GSSAPI didn't encrypt message");
+#endif /* 0 */
 			} else {
 				memcpy(out, out_buf.value, 
 				       length=out_buf.length);
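Review bot: With both calls wrapped in #if 0, the two failure branches of the gss_seal check are now empty, so a failed seal and the (clevel == PROT_P) && !conf_state case (confidentiality requested but not applied) pass without any record and without the caller learning that no protected reply was produced. Only the else branch sets out and length, so the code after this block runs with whatever those held before. Rather than compiling the reporting out, log the failure locally (for example via syslog) and return from reply() in both branches, or keep the error report but guard it with a flag so that it cannot re-enter this path a second time. The comment "Don't setup an infinite loop" should also say that the loop comes from secure_gss_error and secure_error calling reply() again.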
@@ -2511,12 +2517,15 @@
 	reply(code, "GSSAPI error: %s", s);
 }
 
+#if 0
+/* Only called from reply, which would setup a loop */
 secure_gss_error(maj_stat, min_stat, s)
 OM_uint32 maj_stat, min_stat;
 char *s;
 {
   return reply_gss_error(535, maj_stat, min_stat, s);
 }
+#endif /* 0 */
 
 
 #include <krb5.h>
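Review bot: Disabling secure_gss_error with #if 0 leaves dead code in the file; if the function really is "Only called from reply", delete it and record the reason in the commit message instead. The first hunk also stops calling secure_error, but that function is not touched here, so either give it the same treatment or note why it stays. Before removing the definition, confirm that no other file in ftpd references secure_gss_error, since any remaining caller will fail at link time.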
>Audit-Trail:
>Unformatted:
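The loop described in the report can also be broken with a re-entrancy guard instead of dropping the error report. The following is an added example, not part of the original message or of the krb5 sources; fake_seal, guarded_reply and the counters are hypothetical names, and the seal step is simulated.

```c
/* Constructed model of a reply path whose error report re-enters itself. */
#include <stdio.h>
#include <string.h>

static int seal_calls;        /* how many times the simulated seal ran */
static int seal_should_fail;  /* knob: make every seal attempt fail */
static int dropped;           /* replies abandoned by the guard */
static int in_error_reply;    /* nonzero while an error reply is in flight */

/* Stand-in for the GSS-API seal step; fails whenever the knob is set. */
static int fake_seal(const char *in, char *out, size_t outlen)
{
    seal_calls++;
    if (seal_should_fail)
        return -1;
    snprintf(out, outlen, "SEALED(%s)", in);
    return 0;
}

/* Returns 0 if the requested reply was sent, -1 if it was not. */
int guarded_reply(int code, const char *msg)
{
    char out[256];

    if (fake_seal(msg, out, sizeof out) == 0) {
        printf("%d %s\n", code, out);
        return 0;
    }
    if (in_error_reply) {
        /* Already reporting a seal failure: log locally and stop here
         * instead of calling ourselves again. */
        fprintf(stderr, "seal failed while reporting an error; dropped\n");
        dropped++;
        return -1;
    }
    /* First failure: try exactly one error reply (535, as in the patch). */
    in_error_reply = 1;
    (void)guarded_reply(535, "seal didn't complete");
    in_error_reply = 0;
    return -1;                /* the original reply was never sent */
}
```

With a persistently failing seal, the function makes two seal attempts (the reply and one error report) and then stops.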
