[107] in pc-kerberos

home help back first fref pref prev next nref lref last post

Re: Upcoming potential changes in KRBV4*.DLL

daemon@ATHENA.MIT.EDU (Gregory M. Diskin)
Tue Jul 25 17:14:05 1995

Date: Tue, 25 Jul 1995 17:08:30 -0400 (EDT)
From: "Gregory M. Diskin" <diskin+@andrew.cmu.edu>
To: pc-kerberos@MIT.EDU
Cc: shabby@MIT.EDU
In-Reply-To: <199507251508.LAA04021@stargazer.mit.edu>

Chris,
I made two changes to the krb library to get a test leash build to work here.
1)  I ifdef'd out the following lines in function passwd_to_key() in 
getintkt.c:
    if (strcmp(realm, KRB_REALM) == 0)
        in_tkt_decrypt_again = 0;

The preceding is now in error in the Andrew realm at CMU since we 
now have a mix of des_string_to_key and andrew_string_to_key
encrypted passwords and we need to go on and try both alternatives 
if the first fails.  

2)  In function krb_get_in_tkt() in k_gettkt.c, I changed the declarations:
    char s_name[SNAME_SZ];
    char s_instance[INST_SZ];
    char rlm[REALM_SZ];

to be:
    char s_name[MAX_KTXT_LEN];
    char s_instance[MAX_KTXT_LEN];
    char rlm[MAX_KTXT_LEN];

I realize this is a kludge.  The problem is that these buffers are used
for every iteration of the various decryptions of the ticket.  If the first
iteration is not the correct method, the various calls to strcpy in the
following lines of code will overflow one or another buffer and create
havoc further down the line.  (strcpy won't encounter an expected
NULL to stop the copies).  
******************
    /* extract server's name */
    (void) strcpy(s_name,ptr);
    ptr += strlen(s_name) + 1;

    if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
        decrypt_again(INTK_BADPW);

    /* extract server's instance */
    (void) strcpy(s_instance,ptr);
    ptr += strlen(s_instance) + 1;

    if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length)
        decrypt_again(INTK_BADPW);

    /* extract server's realm */
    (void) strcpy(rlm,ptr);
    ptr += strlen(rlm) + 1;
**********************************
Someone with more time should work on the 'correct' solution.
The hack is to have the buffers as big as the maximum ticket size
so they won't overflow.

Gregg Diskin
Carnegie-Mellon University
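The overflow Gregg describes comes from copying fields out of a decrypted ticket with strcpy before checking that a terminator exists inside cip->length and that the field fits its fixed-size destination; with the wrong string_to_key the "plaintext" is effectively random bytes, so the next NUL may be far past the buffer. The bounded extractor below is an added example written for this page, not code from the Kerberos v4 library or from the message above. SNAME_SZ, INST_SZ, REALM_SZ and MAX_KTXT_LEN are given assumed values here (the real ones are in krb.h), TKT_BADPW stands in for INTK_BADPW, and the sample buffers are constructed, not real ticket data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Buffer sizes assumed for this example; the real values live in krb.h. */
#define SNAME_SZ     40
#define INST_SZ      40
#define REALM_SZ     40
#define MAX_KTXT_LEN 1250

/* Return codes for this example (the library uses INTK_BADPW). */
enum { TKT_OK = 0, TKT_BADPW = 1 };

struct tkt_hdr {
    char s_name[SNAME_SZ];
    char s_instance[INST_SZ];
    char rlm[REALM_SZ];
};

/*
 * Copy one NUL-terminated field starting at dat[*off] into dst.
 * Unlike strcpy, this refuses unless (a) a NUL occurs within the
 * remaining length - *off bytes and (b) the field plus its terminator
 * fits in dst.  Either failure is what a mis-decrypted ticket produces,
 * so the caller can fall through to the next decryption attempt.
 */
static int extract_field(const unsigned char *dat, size_t length,
                         size_t *off, char *dst, size_t dst_sz)
{
    if (*off >= length)
        return -1;
    const unsigned char *nul = memchr(dat + *off, '\0', length - *off);
    if (nul == NULL)
        return -1;                      /* no terminator: not plaintext */
    size_t len = (size_t)(nul - (dat + *off));
    if (len + 1 > dst_sz)
        return -1;                      /* would overflow the fixed buffer */
    memcpy(dst, dat + *off, len + 1);
    *off += len + 1;
    return 0;
}

/* Parse the three leading strings of a decrypted ticket.  Any bound
   violation yields TKT_BADPW instead of a partially filled struct. */
int parse_tkt_hdr(const unsigned char *dat, size_t length, struct tkt_hdr *out)
{
    size_t off = 0;
    if (length > MAX_KTXT_LEN)
        return TKT_BADPW;
    memset(out, 0, sizeof *out);
    if (extract_field(dat, length, &off, out->s_name,     sizeof out->s_name)     ||
        extract_field(dat, length, &off, out->s_instance, sizeof out->s_instance) ||
        extract_field(dat, length, &off, out->rlm,        sizeof out->rlm))
        return TKT_BADPW;
    return TKT_OK;
}

/* Constructed sample: what a correctly decrypted prefix looks like. */
static const unsigned char good_dat[] =
    "krbtgt\0ANDREW.CMU.EDU\0ANDREW.CMU.EDU\0rest-of-ticket";
/* Constructed wrong-key case 1: bytes with no NUL anywhere. */
static const unsigned char nonul_dat[] =
    "\xa5\x3c\x91\x07\x5e\xd2\x44\xb8\x6f\x13\xe0\x2a\x9c\x71\x58\xc6";

/* 1 if the good sample parses into the expected three fields. */
int good_parses(void)
{
    struct tkt_hdr h;
    return parse_tkt_hdr(good_dat, sizeof good_dat - 1, &h) == TKT_OK
        && strcmp(h.s_name, "krbtgt") == 0
        && strcmp(h.s_instance, "ANDREW.CMU.EDU") == 0
        && strcmp(h.rlm, "ANDREW.CMU.EDU") == 0;
}

/* Parse result for the no-terminator sample. */
int parse_nonul(void)
{
    struct tkt_hdr h;
    return parse_tkt_hdr(nonul_dat, sizeof nonul_dat - 1, &h);
}

/* Constructed wrong-key case 2: 100 non-NUL bytes before the first
   terminator, more than SNAME_SZ can hold (strcpy would overrun s_name). */
int parse_long_field(void)
{
    unsigned char buf[128];
    struct tkt_hdr h;
    memset(buf, 'A', 100);
    memset(buf + 100, 0, sizeof buf - 100);
    return parse_tkt_hdr(buf, sizeof buf, &h);
}

int main(void)
{
    printf("good sample parses:        %s\n", good_parses() ? "yes" : "no");
    printf("no-NUL sample rejected:    %s\n", parse_nonul() == TKT_BADPW ? "yes" : "no");
    printf("long-field sample rejected: %s\n", parse_long_field() == TKT_BADPW ? "yes" : "no");
    return 0;
}
```

The check runs before each copy rather than after it, and it is tied to the destination size, so enlarging the buffers to MAX_KTXT_LEN is no longer needed: a bad decryption is reported the same way a bad password is, and the retry loop can move on to the next string_to_key variant.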
