[246] in Kerberos
get_ad_tkt
daemon@TELECOM.MIT.EDU (Theodore Ts'o)
Sun Nov 1 23:13:11 1987
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
Reply-To: tytso@ATHENA.MIT.EDU
Right now, get_ad_tkt doesn't do any sanity checking on the
ticket that it gets back from kerberos after it decrypts it. Thus, if
the ticket gets somehow garbled in transit, get_ad_tkt will blithely
(using strcpy, not strncpy, which is *ANOTHER* problem), copy garbage
into s_name and s_inst and then put said garbage into the user's ticket
file.
It should probably check to make sure that the ticket that it
got back from kerberos matches what it asked for by checking the
returned service name/instance strings. After all, get_ad_tkt can't be
*sure* that it is talking to kerberos, so it should be as paranoid as
possible.
- Ted
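
The check proposed in the message above, sketched in C as an added example; it is not the Kerberos source or the author's code. The reply layout (service name then instance, each a NUL-terminated string), NAME_SZ, and the functions take_field and check_reply are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_SZ 40   /* assumed field size for this example */

/* Copy one NUL-terminated field out of buf[*off..len) into dst.
 * Fails if no NUL lies inside the buffer or the field does not fit. */
static int take_field(const unsigned char *buf, size_t len, size_t *off,
                      char *dst, size_t dst_sz)
{
    if (*off >= len)
        return -1;
    const unsigned char *start = buf + *off;
    const unsigned char *nul = memchr(start, '\0', len - *off);
    if (nul == NULL)
        return -1;                    /* unterminated: garbled reply */
    size_t n = (size_t)(nul - start);
    if (n >= dst_sz)
        return -1;                    /* would overflow dst */
    memcpy(dst, start, n + 1);        /* copy includes the NUL */
    *off += n + 1;
    return 0;
}

/* Returns 0 only if the decrypted reply names the service and instance
 * that were requested. out_name/out_inst (NAME_SZ bytes each) are
 * written only on success, so garbage never reaches the ticket file.
 * -1: malformed or oversized field, -2: well-formed but wrong service. */
int check_reply(const unsigned char *reply, size_t len,
                const char *want_name, const char *want_inst,
                char *out_name, char *out_inst)
{
    char name[NAME_SZ], inst[NAME_SZ];
    size_t off = 0;

    if (take_field(reply, len, &off, name, sizeof name) != 0 ||
        take_field(reply, len, &off, inst, sizeof inst) != 0)
        return -1;
    if (strcmp(name, want_name) != 0 || strcmp(inst, want_inst) != 0)
        return -2;
    memcpy(out_name, name, strlen(name) + 1);
    memcpy(out_inst, inst, strlen(inst) + 1);
    return 0;
}
```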