[3215] in Kerberos-V5-bugs
krb5-libs/960: appl/gssftp/ftp fails when using 3des keys
daemon@ATHENA.MIT.EDU (Douglas Engert)
Tue May 29 17:18:06 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, b17783@achilles.ctd.anl.gov
Message-Id: <200105292117.QAA07267@orleans.ctd.anl.gov>
Date: Tue, 29 May 2001 16:17:26 -0500 (CDT)
From: Douglas Engert <b17783@achilles.ctd.anl.gov>
Reply-To: b17783@achilles.ctd.anl.gov
To: krb5-bugs@mit.edu
>Number: 960
>Category: krb5-libs
>Synopsis: ftp and ftpd fail with PROT buffer < PBSZ by 4 bytes
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 29 17:18:01 EDT 2001
>Last-Modified:
>Originator: Douglas Engert
>Organization:
Douglas E. Engert DEEngert@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
>Release: krb5-1.2.2
>Environment:
ALL
System: SunOS orleans.ctd.anl.gov 5.7 Generic_106541-14 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
The FUDGE_FACTOR in the appl/gssftp/ftp/secure.c is not large
enough when using 3des keys.
>How-To-Repeat:
Try the ftp -x when using enctype=16 for a service ticket.
>Fix:
increase the secure.c FUDGE_FACTOR from 64 to 68
You must rebuild ftp and ftpd
(The line numbers below may be a little off, as I have some Win32
mods in here as well.)
*** ,secure.c Wed Feb 28 16:06:45 2001
--- secure.c Tue May 29 13:12:52 2001
***************
*** 73,79 ****
#ifdef GSSAPI
#undef FUDGE_FACTOR
! #define FUDGE_FACTOR 64 /*It appears to add 52 byts, but I'm not usre it is a constant--hartmans*/
#endif /*GSSAPI*/
#ifndef FUDGE_FACTOR /* In case no auth types define it. */
--- 75,82 ----
#ifdef GSSAPI
#undef FUDGE_FACTOR
! #define FUDGE_FACTOR 68 /*It appears to add 52 byts, but I'm not usre it is a constant--hartmans*/
! /* Increased from 64 to 68. With 3des PBSZ was 4 bytes to small */
#endif /*GSSAPI*/
#ifndef FUDGE_FACTOR /* In case no auth types define it. */
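Review bot: on the changed "#define FUDGE_FACTOR 68" line, the value is still an empirically chosen constant, and the comment kept beside it says the overhead only "appears" to be 52 bytes and may not be constant. The report confirms that concern: with enctype 16 the overhead exceeded what 64 allowed by 4 bytes, so another enctype or mechanism could exceed 68 in the same way. Consider asking the GSS-API mechanism for the wrap overhead of the established context (for example via gss_wrap_size_limit) rather than hardcoding it. If the constant stays, the new comment should name the enctype (16) that required 68, and note that ftp and ftpd must be rebuilt together so both sides agree on the value.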
>Audit-Trail:
>Unformatted: