[3263] in Kerberos-V5-bugs
krb5-libs/1008: tuple check enforces presence of tuples
daemon@ATHENA.MIT.EDU (ratliff@austin.ibm.com)
Thu Nov 1 17:20:04 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, ratliff@austin.ibm.com
Message-Id: <20011101221942.7F19582ADC@spiff.austin.ibm.com>
Date: Thu, 1 Nov 2001 16:19:42 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu, ratliff@austin.ibm.com
>Number: 1008
>Category: krb5-libs
>Synopsis: tuple check enforces presence of tuples
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 1 17:20:00 EST 2001
>Last-Modified:
>Originator: Emily Ratliff & Bill Dodd
>Organization:
IBM Linux Technology Center, Security
>Release: krb5-current-20011030
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
>Description:
In src/lib/kadm5/srv/svr_principal.c the code enforces the presence
of tuples even though the tuples seem to be optional.
It seems that the tuples are optional based on the fact that there
are 2 client APIs, kadm5_setkey_principal and kadm5_setkey_principal_3.
kadm5_setkey_principal_3 takes tuple args and kadm5_setkey_principal
does not.
When they get to the server side, both cases are handled by the
server-side kadm5_setkey_principal_3. If kadm5_setkey_principal was
the client-side call, n_ks_tuple and ks_tuple are passed in to the
server-side kadm5_setkey_principal_3 with values of zero. So, if you
want the client-side call to kadm5_setkey_principal to work, the
server-side kadm5_setkey_principal_3 must handle the case where no
tuple info is supplied (n_ks_tuple is zero and ks_tuple is NULL).
This patch checks whether tuples have been supplied in addition
to the check that makes sure that the correct number of tuples have
been supplied.
>How-To-Repeat:
>Fix:
diff -ur src.orig/lib/kadm5/srv/svr_principal.c src/lib/kadm5/srv/svr_principal.c
--- src.orig/lib/kadm5/srv/svr_principal.c Tue Oct 30 14:53:14 2001
+++ src/lib/kadm5/srv/svr_principal.c Tue Oct 30 15:02:00 2001
@@ -1546,7 +1546,7 @@
}
}
- if (n_ks_tuple != n_keys)
+ if (n_ks_tuple && (n_ks_tuple != n_keys))
return KADM5_SETKEY3_ETYPE_MISMATCH;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
>Audit-Trail:
>Unformatted:
