[3035] in Kerberos-V5-bugs
pending/686: Problem in telnet and wintel with large tickets
daemon@ATHENA.MIT.EDU (John Brezak)
Wed Jan 27 21:08:06 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, John Brezak <jbrezak@microsoft.com>
Date: Wed, 27 Jan 1999 18:07:11 -0800
From: John Brezak <jbrezak@microsoft.com>
To: "'krb5-bugs@mit.edu'" <krb5-bugs@MIT.EDU>
>Number: 686
>Category: pending
>Synopsis: Problem in telnet and wintel with large tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 27 21:08:00 EST 1999
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
The static buffers for the authentication data are too small. If a ticket
that has authdata (for instance) is used, it will either trash the stack or
other vars. This is in both telnet and wintel/telnet.
$ diff -wc kerberos5.c~ kerberos5.c
*** kerberos5.c~ Sat Nov 09 00:25:16 1996
--- kerberos5.c Thu Jan 28 01:10:17 1999
***************
*** 92,98 ****
#endif /* FORWARD */
! static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/
--- 92,98 ----
#endif /* FORWARD */
! static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/
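Review bot: Doubling str_data to 2048 on the changed declaration line only moves the overflow threshold; the hunk adds no check that the authentication data actually fits. Suggest comparing the encoded length against sizeof(str_data) before the data is copied in and failing the authentication attempt when it does not fit, so a ticket with still larger authdata is rejected rather than overwriting the variables next to this static array. The commented-out str_name[1024] kept as context could be deleted while the declaration is being touched.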
And:
C:\jbrezak\src\MIT-krb5\krb5-win\windows\wintel>diff -wc auth.c~ auth.c
*** auth.c~ Thu Feb 06 19:29:42 1997
--- auth.c Tue Jan 19 01:02:03 1999
***************
*** 209,215 ****
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[512];
char *pname;
int plen;
int r;
--- 209,215 ----
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[2048]; /* be sure that this is > auth.length+9 */
char *pname;
int plen;
int r;
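Review bot: The comment added on the `char buf[2048];` line states the invariant (buf must be larger than auth.length+9) but nothing in the hunk enforces it, and buf is a local in auth_send, so a larger ticket still overruns the stack. Suggest testing auth.length + 9 against sizeof(buf) at the top of auth_send and returning an error before anything is written, or allocating the buffer from auth.length. The 2048 here and in kerberos5.c would also be easier to keep in step as one named constant.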
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak * mailto:jbrezak@microsoft.com
Microsoft Corporation * 425-936-2602
One Microsoft Way
Redmond, WA 98052
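
An added example, not part of the original report or of the MIT krb5 source: a length-checked way to frame authenticator data into a telnet AUTHENTICATION suboption, so that an oversized ticket is refused instead of being written past a fixed buffer. The helper name frame_krb5_auth, the constant values (taken from RFC 854, RFC 2941 and RFC 2942) and the 0x41-filled sample ticket are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Telnet constants (RFC 854, RFC 2941, RFC 2942). */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_AUTHENTICATION = 37,
       TELQUAL_IS = 0, AUTHTYPE_KERBEROS_V5 = 2, KRB_AUTH = 0 };

/* Hypothetical helper: frame len bytes of authenticator data as
 * IAC SB AUTHENTICATION IS KERBEROS_V5 <modifier> AUTH <data> IAC SE.
 * Returns the number of bytes written, or -1 if it does not fit in out. */
static long frame_krb5_auth(unsigned char *out, size_t outsz,
                            unsigned char modifier,
                            const unsigned char *data, size_t len)
{
    const unsigned char hdr[7] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS,
                                   AUTHTYPE_KERBEROS_V5, modifier, KRB_AUTH };
    size_t need = sizeof(hdr) + 2;   /* 7-byte header + IAC SE = 9 bytes */
    size_t i, o;

    /* Size the frame first: every 0xFF data byte is sent as IAC IAC. */
    for (i = 0; i < len; i++)
        need += (data[i] == IAC) ? 2 : 1;
    if (need > outsz)
        return -1;                   /* refuse rather than overrun out */

    memcpy(out, hdr, sizeof(hdr));
    o = sizeof(hdr);
    for (i = 0; i < len; i++) {
        if (data[i] == IAC)
            out[o++] = IAC;          /* escape a literal 0xFF */
        out[o++] = data[i];
    }
    out[o++] = IAC;
    out[o++] = SE;
    return (long)o;
}

int main(void)
{
    static unsigned char ticket[1500], old_buf[1024], new_buf[2048];
    memset(ticket, 0x41, sizeof(ticket));   /* constructed sample ticket */
    printf("1024-byte buffer: %ld\n",
           frame_krb5_auth(old_buf, sizeof(old_buf), 2, ticket, sizeof(ticket)));
    printf("2048-byte buffer: %ld\n",
           frame_krb5_auth(new_buf, sizeof(new_buf), 2, ticket, sizeof(ticket)));
    return 0;
}
```

With IAC escaping the worst case is 2*len + 9 bytes, so in this sketch a fixed 2048-byte buffer is only guaranteed to hold 1019 bytes of data.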