[432] in Kerberos-V5-bugs
krb5_get_server_rcache is either implemented wrong or documented inadequately
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon Mar 7 15:09:17 1994
Date: Mon, 7 Mar 1994 15:09:13 -0500
From: "Jonathan I. Kamens" <jik@security.ov.com>
To: krb5-bugs@MIT.EDU
It appears that in the code that implements
krb5_get_server_rcache for the default rcache type (the only one
available right now, I believe), the "piece" argument to the function
is used as part of the file name in which the replay cache is stored.
However, no error checking is done on the contents of "piece", which
means that the rcache open will fail if it contains a slash or a
character with the eighth bit set (unless it's running on a UNIX
variant that allows eight-bit characters in filenames, of course).

Furthermore, if there's a null in "piece" anywhere other than
at the end, any data after the null will be ignored.

I'm not sure whether the problem here is in the documentation
or the implementation. Either the documentation needs to be updated
to reflect exactly what can appear in "piece", or the code needs to be
updated to deal somehow with the characters mentioned above.
Jonathan Kamens | OpenVision Technologies, Inc. | jik@security.ov.com
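The report leaves open which of its two remedies (documenting the allowed contents of "piece", or making the code cope with the problem bytes) should be taken. The block below is an added illustration of the second remedy, not code from the report or from the Kerberos V5 sources: it shows a length-aware check that classifies a "piece" value by the three problems named above (slash, eighth-bit byte, embedded null), and a percent-encoding that lets any byte sequence be turned into a safe file-name component. The function names, the enum, and the sample pieces are constructed for this example; krb5's actual rcache code is not assumed to look like this.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Outcome of inspecting a "piece" value before it is spliced into a
 * replay-cache file name.  The categories follow the three problems
 * raised in the bug report.  Names and values are this example's own. */
enum piece_status {
    PIECE_OK = 0,
    PIECE_HAS_SLASH,
    PIECE_HAS_HIGH_BIT,
    PIECE_HAS_EMBEDDED_NUL
};

/* Inspect 'len' bytes of 'piece'.  Taking an explicit length is what
 * makes an embedded NUL detectable at all: strlen() would stop at it,
 * which is the "data after the null is ignored" behaviour the report
 * describes.  Returns the first problem found, or PIECE_OK. */
enum piece_status check_rcache_piece(const unsigned char *piece, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (piece[i] == '/')
            return PIECE_HAS_SLASH;
        if (piece[i] & 0x80)
            return PIECE_HAS_HIGH_BIT;
        if (piece[i] == '\0')
            return PIECE_HAS_EMBEDDED_NUL;
    }
    return PIECE_OK;
}

/* Alternative to rejecting: encode the piece so every byte survives the
 * trip into a file name.  Letters, digits, '-' and '_' pass through;
 * every other byte (slash, NUL, '%', high-bit bytes, and '.' so that
 * "." or ".." cannot be formed) becomes "%XX".  Writes a NUL-terminated
 * string to 'out'; returns the number of characters written excluding
 * the terminator, or -1 if 'outsz' is too small.  Hypothetical helper,
 * not a krb5 function. */
int encode_rcache_piece(const unsigned char *piece, size_t len,
                        char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i, n = 0;

    if (outsz == 0)
        return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = piece[i];
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-' || c == '_';
        if (safe) {
            if (n + 1 >= outsz)          /* need room for c and the NUL */
                return -1;
            out[n++] = (char)c;
        } else {
            if (n + 3 >= outsz)          /* need room for %XX and the NUL */
                return -1;
            out[n++] = '%';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0F];
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Convenience for tests and demos: 1 if 'piece' encodes to 'expected'. */
int encodes_to(const unsigned char *piece, size_t len, const char *expected)
{
    char buf[256];
    if (encode_rcache_piece(piece, len, buf, sizeof buf) < 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample pieces, not values from the report. */
    const unsigned char *slash = (const unsigned char *)"host/srv";
    const unsigned char *nul   = (const unsigned char *)"ab\0c";
    char buf[64];

    printf("\"host/srv\" -> status %d\n", check_rcache_piece(slash, 8));
    printf("\"ab\\0c\"    -> status %d\n", check_rcache_piece(nul, 4));
    if (encode_rcache_piece(slash, 8, buf, sizeof buf) >= 0)
        printf("encoded: %s\n", buf);
    if (encode_rcache_piece(nul, 4, buf, sizeof buf) >= 0)
        printf("encoded: %s\n", buf);
    return 0;
}
```

Note that both helpers take the byte count from the caller rather than from strlen(); without that, the embedded-null case cannot even be observed, let alone handled.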