[493] in Kerberos-V5-bugs
Re: Howdy, it is me again
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Mon Jun 6 23:36:25 1994
Date: Mon, 6 Jun 94 23:35:59 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: georgesr@wrq.com
Cc: krb5-bugs@MIT.EDU, Georgesr@elmer.wrq.com
In-Reply-To: georges rahbani's message of Thu, 02 Jun 1994 11:29:01 -0700, <9406021829.AA19165@MIT.EDU>
Date: Thu, 02 Jun 1994 11:29:01 -0700
From: georgesr@wrq.com (georges rahbani)
Starts at line # 99.
> memcpy((char *)intmp, (char *)&timenow, sizeof(timenow));
>
This looks reasonable above
> while (outseqno < (char *)(seqno+1)) {
> memset((char *)intmp, 0, esize);
This memset clears the effect of the line above (it clears intmp). And in any
case, if there is a second iteration in the loop, it clears intmp just the
same.
You're right. That memset has no business being there. I have no idea
why it's there, but it's been there for a good long time. Thanks for
noticing it. Removing it will significantly improve the randomness of
the sequence numbers generated by Kerberos V5. (It's actually not that
bad since the key that's used is random, but we might as well use the
time to make things better.)
> outseqno += MIN((char *)(seqno+1)-outseqno, esize);
For some reason, I think that this line will automatically cause
outseqno to be equal to (seqno + 1) which in effect causes the loop
to exit at the next iteration. In other words, the loop seems to be
done only once. I don't understand what is going on here.
You're right, the loop will only be done once. I think John was trying
to be overly general here, when it isn't really necessary. If the type
of seqno ever changes to something big, the code will still work, but
that's highly unlikely. On the other hand, the loop doesn't hurt --- it
just obfuscates the code a lot. I'll probably end up cleaning it up.
- Ted
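The two points above (the stray memset wiping the time that was just copied into intmp, and the loop running exactly once because sizeof(seqno) is smaller than the cipher block size) can be checked directly. The program below is an added example, not code from the Kerberos V5 sources: it reconstructs only the quoted lines around line 99, assumes an 8-byte block (esize) and a 32-bit seqno, and uses a toy keyed mixer in place of the real cipher call that the quoted fragment does not show. With the memset in place, two different clock values produce the same sequence number under one key; with it removed, they differ; in both cases the key still changes the output, which is why the bug is "not that bad".

```c
/* Added example: reconstruction of the seqno loop discussed above.
 * Not krb5 code; the cipher is replaced by a toy mixer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ESIZE 8                      /* assumed cipher block size (DES-sized) */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Toy keyed mixer (FNV-1a over key || block) standing in for the real
 * encryption call.  It is NOT a cipher; it only has the property the
 * argument needs: the output depends on every byte of key and block,
 * and equal inputs give equal outputs. */
static void toy_encrypt(const uint8_t key[ESIZE], const uint8_t in[ESIZE],
                        uint8_t out[ESIZE])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < ESIZE; i++) { h ^= key[i]; h *= 0x100000001b3ULL; }
    for (int i = 0; i < ESIZE; i++) { h ^= in[i];  h *= 0x100000001b3ULL; }
    for (int i = 0; i < ESIZE; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Runs the quoted loop.  stray_memset = 1 keeps the memset identified as
 * the bug; 0 is the corrected version.  The sequence number is written to
 * *seqno; the return value is the number of loop iterations. */
int gen_seqno(const uint8_t key[ESIZE], int32_t timenow, int stray_memset,
              int32_t *seqno)
{
    uint8_t intmp[ESIZE], outtmp[ESIZE];
    char *outseqno = (char *)seqno;
    int iters = 0;

    memset(intmp, 0, ESIZE);
    memcpy(intmp, &timenow, sizeof(timenow));   /* seed the block with the time */

    while (outseqno < (char *)(seqno + 1)) {
        if (stray_memset)
            memset(intmp, 0, ESIZE);            /* wipes the time just copied in */
        toy_encrypt(key, intmp, outtmp);
        /* sizeof(*seqno) == 4 < ESIZE, so n is 4 and the loop ends after one pass */
        size_t n = MIN((size_t)((char *)(seqno + 1) - outseqno), (size_t)ESIZE);
        memcpy(outseqno, outtmp, n);
        outseqno += n;
        iters++;
    }
    return iters;
}

/* Number of iterations the loop actually performs for a 32-bit seqno. */
int loop_iterations(void)
{
    static const uint8_t key[ESIZE] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed key */
    int32_t s;
    return gen_seqno(key, 0x31337, 1, &s);
}

/* 1 if two different clock values give different sequence numbers under
 * the same key, 0 if the clock has no effect at all. */
int time_affects_seqno(int stray_memset)
{
    static const uint8_t key[ESIZE] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed key */
    int32_t a, b;
    gen_seqno(key, 0x31337, stray_memset, &a);
    gen_seqno(key, 0x31338, stray_memset, &b);
    return a != b;
}

/* 1 if two different keys give different sequence numbers at the same
 * time: the key still contributes even with the stray memset. */
int key_affects_seqno(int stray_memset)
{
    static const uint8_t k1[ESIZE] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed keys */
    static const uint8_t k2[ESIZE] = {8, 7, 6, 5, 4, 3, 2, 1};
    int32_t a, b;
    gen_seqno(k1, 0x31337, stray_memset, &a);
    gen_seqno(k2, 0x31337, stray_memset, &b);
    return a != b;
}

int main(void)
{
    printf("loop iterations for a 32-bit seqno: %d\n", loop_iterations());
    printf("with stray memset, time changes seqno: %d\n", time_affects_seqno(1));
    printf("without it,        time changes seqno: %d\n", time_affects_seqno(0));
    printf("with stray memset, key changes seqno:  %d\n", key_affects_seqno(1));
    return 0;
}
```

The memset is placed inside the loop exactly as in the quoted code, so the corrected variant differs only by dropping that one line; the MIN() expression is kept so the single-iteration behaviour can be observed rather than argued.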