[982] in Kerberos-V5-bugs
krb5 bsd appl encryption broken
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Wed Dec 7 12:45:28 1994
From: epeisach@MIT.EDU
Date: Wed, 7 Dec 1994 12:45:20 -0500
To: krb5-bugs@MIT.EDU
Richard's patches, which removed htonl etc., forgot to shift the
bits over... I suspect he tested only on a little-endian architecture.
I am also including changes required for v4 DES compatibility for 64-bit
architectures.
Ezra
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/bsd/krcp.c,v
retrieving revision 5.13
diff -c -r5.13 krcp.c
*** 5.13 1994/11/08 02:37:42
--- krcp.c 1994/12/07 17:42:04
***************
*** 1467,1475 ****
return(-1);
}
! len_buf[0] = (len & 0xff000000);
! len_buf[1] = (len & 0xff0000);
! len_buf[2] = (len & 0xff00);
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
--- 1467,1475 ----
return(-1);
}
! len_buf[0] = (len & 0xff000000) >> 24;
! len_buf[1] = (len & 0xff0000) >> 16;
! len_buf[2] = (len & 0xff00) >> 8;
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
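Review bot: The 4-byte length prefix is still sent with `(void) write(fd, len_buf, 4);`, so a short or failed write goes unnoticed even though the payload write on the next line is checked. The peer would then read a misaligned length and the encrypted stream would lose framing. Checking it the same way would close the gap, e.g. `if (write(fd, len_buf, 4) != 4) return(-1);`, assuming -1 is the error return here as the `return(-1);` at the top of the hunk suggests. The same unchecked header write appears in both krlogin.c hunks and in the krlogind.c hunks at 1364 and 1746; in the last one the payload write is also unchecked and `len` is returned regardless. The enclosing function starts and ends outside the hunk.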
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/bsd/krlogin.c,v
retrieving revision 5.19
diff -c -r5.19 krlogin.c
*** 5.19 1994/11/16 16:49:01
--- krlogin.c 1994/12/07 17:42:02
***************
*** 1753,1761 ****
return(-1);
}
! len_buf[0] = (len & 0xff000000);
! len_buf[1] = (len & 0xff0000);
! len_buf[2] = (len & 0xff00);
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
--- 1753,1761 ----
return(-1);
}
! len_buf[0] = (len & 0xff000000) >> 24;
! len_buf[1] = (len & 0xff0000) >> 16;
! len_buf[2] = (len & 0xff00) >> 8;
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
***************
*** 1882,1890 ****
/* tell the other end the real amount, but send an 8-byte padded
packet */
! len_buf[0] = (len & 0xff000000);
! len_buf[1] = (len & 0xff0000);
! len_buf[2] = (len & 0xff00);
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
#ifdef NOROUNDUP
--- 1882,1890 ----
/* tell the other end the real amount, but send an 8-byte padded
packet */
! len_buf[0] = (len & 0xff000000) >> 24;
! len_buf[1] = (len & 0xff0000) >> 16;
! len_buf[2] = (len & 0xff00) >> 8;
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
#ifdef NOROUNDUP
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/bsd/krlogind.c,v
retrieving revision 5.30
diff -c -r5.30 krlogind.c
*** 5.30 1994/11/08 02:37:46
--- krlogind.c 1994/12/07 17:39:20
***************
*** 879,885 ****
*/
control(pty, cp, n)
int pty;
! char *cp;
int n;
{
struct winsize w;
--- 879,885 ----
*/
control(pty, cp, n)
int pty;
! unsigned char *cp;
int n;
{
struct winsize w;
***************
*** 1259,1265 ****
int len;
{
int nreturned = 0;
! long net_len,rd_len;
int cc,retry;
unsigned char len_buf[4];
--- 1259,1265 ----
int len;
{
int nreturned = 0;
! krb5_ui_4 net_len,rd_len;
int cc,retry;
unsigned char len_buf[4];
***************
*** 1364,1372 ****
return(-1);
}
! len_buf[0] = (len & 0xff000000);
! len_buf[1] = (len & 0xff0000);
! len_buf[2] = (len & 0xff00);
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
--- 1364,1372 ----
return(-1);
}
! len_buf[0] = (len & 0xff000000) >> 24;
! len_buf[1] = (len & 0xff0000) >> 16;
! len_buf[2] = (len & 0xff00) >> 8;
len_buf[3] = (len & 0xff);
(void) write(fd, len_buf, 4);
if (write(fd, desoutbuf.data,desoutbuf.length) != desoutbuf.length){
***************
*** 1634,1641 ****
int len;
{
int nreturned = 0;
! long net_len, rd_len;
int cc;
if (!do_encrypt)
return(read(fd, buf, len));
--- 1634,1642 ----
int len;
{
int nreturned = 0;
! krb5_ui_4 net_len, rd_len;
int cc;
+ unsigned char len_buf[4];
if (!do_encrypt)
return(read(fd, buf, len));
***************
*** 1653,1664 ****
nstored = 0;
}
! if ((cc = krb_net_read(fd, &net_len, sizeof(net_len))) != sizeof(net_len)) {
/* XXX can't read enough, pipe
must have closed */
return(0);
}
! net_len = ntohl(net_len);
if (net_len < 0 || net_len > sizeof(des_inbuf)) {
/* XXX preposterous length, probably out of sync.
act as if pipe closed */
--- 1654,1666 ----
nstored = 0;
}
! if ((cc = krb_net_read(fd, (char *)&len_buf, 4)) != 4) {
/* XXX can't read enough, pipe
must have closed */
return(0);
}
! net_len =
! ((len_buf[0]<<24) | (len_buf[1]<<16) | (len_buf[2]<<8) | len_buf[3]);
if (net_len < 0 || net_len > sizeof(des_inbuf)) {
/* XXX preposterous length, probably out of sync.
act as if pipe closed */
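Review bot: In the reassembly of `net_len`, each `len_buf[i]` is promoted to `int` before the shift, so a peer-supplied first byte of 0x80 or above shifts into the sign bit. That is undefined for a signed int and can sign-extend if `krb5_ui_4` is wider than `int`. Casting first avoids it: `net_len = ((krb5_ui_4)len_buf[0] << 24) | ((krb5_ui_4)len_buf[1] << 16) | ((krb5_ui_4)len_buf[2] << 8) | (krb5_ui_4)len_buf[3];`. Since `net_len` is now unsigned, the `net_len < 0` half of the sanity check is dead, and `net_len > sizeof(des_inbuf)` is the only guard on this network-supplied length, which deserves a comment. `(char *)&len_buf` would also read more naturally as `(char *)len_buf`. The function body continues outside the hunk, and the function at 1259 gets the same type change, so it may carry a similar check.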
***************
*** 1707,1714 ****
char *buf;
int len;
{
- long net_len;
static char garbage_buf[8];
if (!do_encrypt)
return(write(fd, buf, len));
--- 1709,1716 ----
char *buf;
int len;
{
static char garbage_buf[8];
+ unsigned char len_buf[4];
if (!do_encrypt)
return(write(fd, buf, len));
***************
*** 1744,1751 ****
/* tell the other end the real amount, but send an 8-byte padded
packet */
! net_len = htonl(len);
! (void) write(fd, &net_len, sizeof(net_len));
(void) write(fd, des_outbuf, roundup(len,8));
return(len);
}
--- 1746,1756 ----
/* tell the other end the real amount, but send an 8-byte padded
packet */
! len_buf[0] = (len & 0xff000000) >> 24;
! len_buf[1] = (len & 0xff0000) >> 16;
! len_buf[2] = (len & 0xff00) >> 8;
! len_buf[3] = (len & 0xff);
! (void) write(fd, len_buf, 4);
(void) write(fd, des_outbuf, roundup(len,8));
return(len);
}
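Review bot: This hunk adds a fifth hand-written copy of the big-endian length packing across krcp.c, krlogin.c and krlogind.c, and the missing shifts this patch fixes came from exactly that copying. A single helper that each site calls, e.g. `put_net_len(len_buf, (krb5_ui_4) len);`, would keep the wire format in one place; it would need to be static per file or live in a shared source file. Shifting before masking on an unsigned value also avoids depending on the type of `len`. The helper name below is a placeholder, and the function's opening lines are outside the hunk.

```c
/* suggested helper (placeholder name): store a 32-bit length in network byte order */
static void
put_net_len(buf, len)
    unsigned char *buf;
    krb5_ui_4 len;
{
    buf[0] = (len >> 24) & 0xff;
    buf[1] = (len >> 16) & 0xff;
    buf[2] = (len >> 8) & 0xff;
    buf[3] = len & 0xff;
}

/* … unchanged: comment about sending an 8-byte padded packet … */
put_net_len(len_buf, (krb5_ui_4) len);
(void) write(fd, len_buf, 4);
/* … unchanged: payload write and return … */
```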