[361] in Kerberos-V5-bugs
bug in sim_server.c
daemon@ATHENA.MIT.EDU (Jim Miller)
Tue Sep 28 22:38:37 1993
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 28 Sep 93 21:26:14 -0500
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com
The code is from Kerberos v, pre-beta 3, but the bug may also be in earlier
versions.
The bug is in the code that handles the PRIV message. After getting the data
from the socket, the code should have set up "packet" to refer to the newly
read data, but it doesn't do it correctly.
Here's the code:
    /* NOW GET ENCRYPTED MESSAGE */
    /* use "recvfrom" so we know client's address */
    i = sizeof(c_sock);
    i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
                 (struct sockaddr *)&c_sock, &i);
    if (i < 0) {
        perror("receiving datagram");
        (void) krb5_rc_close(rcache);
        xfree(rcache);
        exit(1);
    }
    printf("Received %d bytes\n", i);
    [stuff deleted]
    if (retval = krb5_rd_priv(&packet, ad->ticket->enc_part2->session,
                              ^**** packet.length is not set, and
                                    packet.data is correct only by accident
                              portforeign_addr, 0, 0, 0, 0,
                              rcache,
                              &message)) {
--------
sim_server.c should have the following code inserted after the
"Received %d bytes" printf:
+ packet.length = i;
+ packet.data = (krb5_pointer) pktbuf;
It should end up looking like this:
/* NOW GET ENCRYPTED MESSAGE */
/* use "recvfrom" so we know client's address */
i = sizeof(c_sock);
i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
(struct sockaddr *)&c_sock, &i);
if (i < 0) {
perror("receiving datagram");
(void) krb5_rc_close(rcache);
xfree(rcache);
exit(1);
}
printf("Received %d bytes\n", i);
+ packet.length = i;
+ packet.data = (krb5_pointer) pktbuf;
[stuff deleted]
if (retval = krb5_rd_priv(&packet, ad->ticket->enc_part2->session,
portforeign_addr, 0, 0, 0, 0,
rcache,
&message)) {
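Review bot: in the two added lines after the printf, packet.length = i is correct only because i has just been overwritten with the recvfrom return value; the same int is also passed as &i for the address length, so a separate variable for the address length would keep the byte count and the address length from being confused by a later edit. The i < 0 check also lets a zero-length datagram through, which would reach krb5_rd_priv with packet.length of 0; rejecting i == 0 before the call would make that case explicit.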
----------
Jim_Miller@suite.com
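
The failure mode reported above, reproduced as an added example that is not part of the original post or of the Kerberos sources. It assumes the descriptor still holds the length of an earlier datagram; pkt_desc, consume and second_message are hypothetical names, and the datagram contents are constructed.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in for krb5_data: a length plus a pointer into the receive buffer. */
struct pkt_desc { int length; char *data; };

/* Hypothetical consumer: like a decrypt routine, it trusts desc->length. */
static int consume(const struct pkt_desc *desc, char *out, int outsz)
{
    int n = desc->length < outsz ? desc->length : outsz;
    memcpy(out, desc->data, (size_t)n);
    return n;
}

/* refresh != 0 applies the fix; returns bytes consumed for message 2, or -1. */
int second_message(int refresh, char *out, int outsz)
{
    static const char first[] = "0123456789ABCDEF";  /* constructed, 16 bytes */
    static const char second[] = "PRIV";             /* constructed, 4 bytes */
    char pktbuf[64];
    struct pkt_desc packet;
    int sv[2], i, n = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if (send(sv[0], first, sizeof(first) - 1, 0) < 0 ||
        send(sv[0], second, sizeof(second) - 1, 0) < 0)
        goto done;
    if ((i = (int)recv(sv[1], pktbuf, sizeof(pktbuf), 0)) < 0)
        goto done;
    packet.length = i;              /* descriptor set for the first datagram */
    packet.data = pktbuf;
    if ((i = (int)recv(sv[1], pktbuf, sizeof(pktbuf), 0)) < 0)
        goto done;
    if (refresh) {                  /* the two lines the report adds */
        packet.length = i;
        packet.data = pktbuf;
    }
    n = consume(&packet, out, outsz);  /* stale length keeps old buffer bytes */
done:
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    char out[64];
    return second_message(1, out, (int)sizeof(out)) == 4 ? 0 : 1;
}
```

Without the refresh the consumer is handed 16 bytes: the 4 new ones followed by 12 left over from the previous datagram in the shared buffer.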