[478] in Kerberos-V5-bugs

Re: krb5_get_server_rcache is either implemented wrong or documented inadequately

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue May 24 14:33:27 1994

Date: Tue, 24 May 94 14:33:13 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: "Jonathan I. Kamens" <jik@security.ov.com>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: "[432] in Kerberos-V5-bugs"

   [0432]  daemon@ATHENA.MIT.EDU (Jonathan I. Kamens) Kerberos-V5-bugs 03/07/94 15:09 (22 lines)
   Date: Mon, 7 Mar 1994 15:09:13 -0500
   From: "Jonathan I. Kamens" <jik@security.ov.com>

	   It appears that in the code that implements
   krb5_get_server_rcache for the default rcache type (the only one
   available right now, I believe), the "piece" argument to the function
   is used as part of the file name in which the replay cache is stored.
   However, no error checking is done on the contents of "piece", which
   means that the rcache open will fail if it contains a slash or a
   character with the eighth bit set (unless it's running on a UNIX
   variant that allows eight-bit characters in filenames, of course).

	   Furthermore, if there's a null in "piece" anywhere other than
   at the end, any data after the null will be ignored.

	   I'm not sure whether the problem here is in the documentation
   or the implementation.  Either the documentation needs to be updated
   to reflect exactly what can appear in "piece", or the code needs to be
   updated to deal somehow with the characters mentioned above.

The problem is in the implementation, and it will be fixed for the next
release.  "Piece" is typically krb5_princ_component(server, 1);
rd_req_sim.c shows a typical usage of this procedure.  I will also make
sure the API documentation is updated to make this more clear.

						- Ted
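
Added example, not part of the original message and not the MIT krb5 code: one way to turn a length-counted "piece" into a safe replay cache file name component, covering the slash, eight-bit and embedded-null cases raised above. The function name rc_piece_to_name, the "-ooo" escape scheme and the "rc_" prefix are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not an MIT krb5 function.  Encodes a length-counted
 * "piece" as one safe file name component: bytes outside [A-Za-z0-9._] are
 * written as "-ooo" (octal) and '-' as "--", so the mapping is reversible
 * and two different pieces never share a name.  A leading '.' is escaped
 * too, so the result is never ".", ".." or a hidden file.
 * Returns the encoded length, or -1 if out is too small. */
int rc_piece_to_name(const unsigned char *piece, size_t len,
                     char *out, size_t outsz)
{
    size_t i, o = 0;

    if (outsz == 0)
        return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = piece[i];
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '_' || (c == '.' && i > 0);
        size_t need = safe ? 1 : (c == '-' ? 2 : 4);

        if (o + need + 1 > outsz)      /* keep room for the final NUL */
            return -1;
        if (safe) {
            out[o++] = (char)c;
        } else if (c == '-') {
            out[o++] = '-';
            out[o++] = '-';
        } else {
            snprintf(out + o, 5, "-%03o", (unsigned)c);
            o += 4;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: embedded NUL, slash and an eight-bit byte. */
    const unsigned char piece[] = { 'a', 0, '/', 0xe9 };
    char name[64];

    if (rc_piece_to_name(piece, sizeof piece, name, sizeof name) > 0)
        printf("rc_%s\n", name);   /* "rc_" prefix is an assumption */
    return 0;
}
```

Because the length is passed explicitly, data after an embedded null is encoded rather than ignored, so "a" and "a\0b" map to different cache files.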
