[15256] in Athena Bugs
zephyr libraries
daemon@ATHENA.MIT.EDU (Kev)
Sun Jul 13 12:15:17 1997
From: Kev <klmitch@MIT.EDU>
To: bugs@MIT.EDU
Date: Sun, 13 Jul 1997 12:14:53 EDT
The zephyr library routine Z_Subscriptions() takes as its last argument an
integer called "authit," which is used to determine whether or not to attempt
authentication. However, the first place it is used is this:
/* format the header to figure out how long it is */
retval = Z_FormatHeader(¬ice, header, sizeof(header), &hdrlen, ZAUTH);
if (retval != ZERR_NONE && !authit)
retval = Z_FormatHeader(¬ice, header, sizeof(header),
&hdrlen, ZAUTH);
The bug should be obvious; if authit is 0 and authentication fails,
Z_FormatHeader() will be called twice with exactly the same arguments, which
makes no difference with respect to authentication; obviously, the second
call should use ZNOAUTH instead.
(Source reference:
/afs/athena.mit.edu/astaff/project/zephyr/src/lib/zephyr/ZSubs.c)
--
Kevin L. Mitchell
----------------------------------------------------------
kev@undernet.org kev@wildstar.net klmitch@mit.edu
PGP keys: http://web.mit.edu/klmitch/www/pgp.html
Home Page: http://web.mit.edu/klmitch/www/
