[748] in Zephyr_Bugs
bug in ZCheckAuthentication in server/kstuff.c
daemon@ATHENA.MIT.EDU (Derrick J. Brashear)
Wed Feb 21 11:48:00 1996
Date: Wed, 21 Feb 1996 11:46:30 -0500 (EST)
From: "Derrick J. Brashear" <shadow+@andrew.cmu.edu>
To: bug-zephyr@MIT.EDU
The following causes some messages for be forged, as the value of
__Zephyr_session can have someone else's session key in it, causing
your session key to be updated incorrectly in control_dispatch()
Enjoy
-D
*** kstuff.c Tue Jul 18 16:29:08 1995
--- kstuff.c.new Wed Feb 21 11:43:42 1996
***************
*** 190,197 ****
* and return ZAUTH_CKSUM_FAILED. This is a rare case (since the
* ticket isn't cached after a checksum failure), so don't worry
* about the extra des_quad_cksum() call. */
! if (checksum == notice->z_checksum)
! return ZAUTH_YES;
}
/* We don't have the session key cached; do it the long way. */
--- 190,200 ----
* and return ZAUTH_CKSUM_FAILED. This is a rare case (since the
* ticket isn't cached after a checksum failure), so don't worry
* about the extra des_quad_cksum() call. */
! if (checksum == notice->z_checksum) {
! (void) memcpy((char *)__Zephyr_session, (char *)session_key,
! sizeof(C_Block));
! return ZAUTH_YES;
! }
}
/* We don't have the session key cached; do it the long way. */
---
