From krb5-bugs-incoming-bounces@PCH.mit.edu Thu Sep 15 13:27:20 2005 Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id NAA05806; Thu, 15 Sep 2005 13:27:20 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j8FHQmpx026304 for ; Thu, 15 Sep 2005 13:26:48 -0400 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j8ENtnpx019107 for ; Wed, 14 Sep 2005 19:55:49 -0400 Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) j8ENthqP002430 for ; Wed, 14 Sep 2005 19:55:44 -0400 (EDT) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j8ENthvm009635 for ; Wed, 14 Sep 2005 19:55:43 -0400 Received: from devserv.devel.redhat.com (devserv.devel.redhat.com [172.16.58.1]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j8ENthV01125 for ; Wed, 14 Sep 2005 19:55:43 -0400 Received: from blade.boston.redhat.com (blade.boston.redhat.com [172.16.80.50])j8ENthVn026009 for ; Wed, 14 Sep 2005 19:55:43 -0400 Received: from blade.boston.redhat.com (localhost.localdomain [127.0.0.1]) j8ENtgCH022094 for ; Wed, 14 Sep 2005 19:55:43 -0400 Received: (from nalin@localhost) by blade.boston.redhat.com (8.13.4/8.13.4/Submit) id j8ENtg6O022093; Wed, 14 Sep 2005 19:55:42 -0400 Date: Wed, 14 Sep 2005 19:55:42 -0400 Message-Id: <200509142355.j8ENtg6O022093@blade.boston.redhat.com> To: krb5-bugs@mit.edu From: nalin@redhat.com X-send-pr-version: 3.99 X-Spam-Score: -1.367 X-Spam-Flag: NO X-Scanned-By: MIMEDefang 2.42 X-Mailman-Approved-At: Thu, 15 Sep 2005 13:26:46 -0400 X-BeenThere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1 Precedence: list Reply-To: nalin@redhat.com Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu >Submitter-Id: net >Originator: Nalin Dahyabhai >Organization: >Confidential: no >Synopsis: errors reading AS-REP on systems with large numbers of interfaces >Severity: non-critical >Priority: medium >Category: krb5-libs >Class: sw-bug >Release: 1.4.2 >Environment: System: Linux blade.boston.redhat.com 2.6.13-1.1542_FC5smp #1 SMP Tue Sep 6 19:13:02 EDT 2005 i686 athlon i386 GNU/Linux Architecture: i686 >Description: On a system with a large number of network interfaces (I've done this with Linux and 250 network aliases on eth0) with the "noaddresses" option disabled, the default value of MAX_DGRAM_SIZE, which is used to allocate the buffer which is used to read the KDC's response in krb5_sendto_kdc(), is just not large enough to hold the entire response from the KDC. There's no way to change this without recompiling the library and all statically-linked applications. >How-To-Repeat: On a Linux client with a working ethernet interface, turn off the "noaddresses" option, run this script as a superuser: #!/bin/sh iface=0 while test $iface -lt 250 ; do ifconfig eth0:$iface 10.0.0.$iface netmask 255.255.255.0 up iface=`expr $iface + 1` done and then attempt to get a TGT with kinit. >Fix: I'd suggest adding a libdefaults option to allow this to be tuned, with the default being the value of MAX_DGRAM_SIZE. While this doesn't guarantee the correct behavior, it adds a simple workaround for systems which run into this problem. --- krb5/src/lib/krb5/os/osconfig.c +++ krb5/src/lib/krb5/os/osconfig.c @@ -36,7 +36,7 @@ char *krb5_defkeyname = DEFAULT_KEYTAB_NAME; -unsigned int krb5_max_dgram_size = MAX_DGRAM_SIZE; +unsigned int krb5_max_dgram_size = -1; unsigned int krb5_max_skdc_timeout = MAX_SKDC_TIMEOUT; unsigned int krb5_skdc_timeout_shift = SKDC_TIMEOUT_SHIFT; unsigned int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1; --- krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c 2005-07-20 18:52:33.000000000 -0400 +++ krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c 2005-09-14 19:35:31.000000000 -0400 @@ -1043,6 +1043,16 @@ dprint("krb5int_sendto(message=%d@%p)\n", message->length, message->data); + if (krb5_max_dgram_size < 0) { + int tmp; + tmp = profile_get_integer(context->profile, + "libdefaults", "max_dgram_size", NULL, + MAX_DGRAM_SIZE, &krb5_max_dgram_size); + if ((tmp != 0) || (krb5_max_dgram_size < 0)) { + krb5_max_dgram_size = MAX_DGRAM_SIZE; + } + } + reply->data = 0; reply->length = 0;