[3312] in Kerberos-V5-bugs

krb5-libs/1060: error in option processing of krb5_gss_accept_sec_context

daemon@ATHENA.MIT.EDU (Dan Riley)
Fri Feb 22 14:34:43 2002

Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, dsr@mail.lns.cornell.edu
Message-Id: <200202221904.OAA0000019458@lnscu6.lns.cornell.edu>
From: Dan Riley <dsr@mail.lns.cornell.edu>
Reply-To: dsr@mail.lns.cornell.edu
To: krb5-bugs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Fri, 22 Feb 2002 14:04:39 -0500 (EST)


>Number:         1060
>Category:       krb5-libs
>Synopsis:       incorrect arg to TREAD_STR in option processing
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Feb 22 14:05:01 EST 2002
>Last-Modified:
>Originator:     Dan Riley
>Organization:
LNS, Cornell U.
>Release:        krb5-1.2.3
>Environment:
System: OSF1 lnscu6.lns.cornell.edu V4.0 1229 alpha
Machine: alpha
>Description:
krb5_gss_accept_sec_context has an argument error that should bite
if there is more than one option to process.
>How-To-Repeat:
>Fix:

diff -ur krb5-1.2.3/src/lib/gssapi/krb5/accept_sec_context.c krb5/lib/gssapi/krb5/accept_sec_context.c
--- krb5-1.2.3/src/lib/gssapi/krb5/accept_sec_context.c	Wed Jan  9 17:27:43 2002
+++ krb5/lib/gssapi/krb5/accept_sec_context.c	Thu Dec  6 15:29:41 2001
@@ -456,16 +456,16 @@
 
 	       i -= 4;
 
-	       /* have to use ptr2, since option.data is wrong type and
-		  macro uses ptr as both lvalue and rvalue */
-
 	       if (i < option.length || option.length < 0) {
 		   code = KG_BAD_LENGTH;
 		   major_status = GSS_S_FAILURE;
 		   goto fail;
 	       }
 
-	       TREAD_STR(ptr, ptr2, bigend);
+	       /* have to use ptr2, since option.data is wrong type and
+		  macro uses ptr as both lvalue and rvalue */
+
+	       TREAD_STR(ptr, ptr2, option.length);
 	       option.data = (char FAR *) ptr2;
 
 	       i -= option.length;
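
Review bot: On the `TREAD_STR(ptr, ptr2, option.length)` line, nothing in the report exercises the multi-option path the description says is affected, and How-To-Repeat is empty. Assuming the macro advances `ptr` by its third argument (the comment says it uses `ptr` as both lvalue and rvalue), a regression test that feeds a token carrying two options would confirm that the second option is now read from the correct offset and that `i -= option.length` stays in step with `ptr`. The bounds check `i < option.length || option.length < 0` correctly runs before the read; the `< 0` half only has effect if `option.length` is a signed type, which is worth confirming. The comment block also moves below the length check in this hunk; that is harmless, but say so in the change description so it is not read as part of the fix.
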
>Audit-Trail:
>Unformatted: