From ghudson@MIT.EDU Thu Aug 6 17:27:47 1998 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA13972 for ; Thu, 6 Aug 1998 17:27:46 -0400 Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP id AA04099; Thu, 6 Aug 98 17:28:14 EDT Received: by small-gods.mit.edu (SMI-8.6/4.7) id RAA04931; Thu, 6 Aug 1998 17:27:45 -0400 Message-Id: <199808062127.RAA04931@small-gods.mit.edu> Date: Thu, 6 Aug 1998 17:27:45 -0400 From: ghudson@MIT.EDU Reply-To: ghudson@MIT.EDU To: krb5-bugs@MIT.EDU Subject: rcp krb4 support X-Send-Pr-Version: 3.99 >Number: 620 >Category: krb5-appl >Synopsis: rcp outgoing encryted krb4 data is broken >Confidential: no >Severity: serious >Priority: low >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Thu Aug 06 17:28:00 EDT 1998 >Last-Modified: >Originator: Greg Hudson >Organization: MIT >Release: 1.0pl1 >Environment: System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-1 Architecture: sun4 >Description: v4_des_write() in kcmd.c does the wrong thing when right_justify is off; it uses garbage_buf without putting the actual data in it. >How-To-Repeat: rcp -x to a host with only a krb4 daemon. >Fix: Index: kcmd.c =================================================================== RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/kcmd.c,v retrieving revision 1.2 diff -c -r1.2 kcmd.c *** kcmd.c 1997/10/19 03:44:23 1.2 --- kcmd.c 1998/08/06 21:09:53 *************** *** 1015,1020 **** --- 1015,1023 ---- krb5_random_confounder(8 - len, garbage_buf); /* this "right-justifies" the data in the buffer */ (void) memcpy(garbage_buf + 8 - len, buf, len); + } else { + krb5_random_confounder(8 - len, garbage_buf + len); + (void) memcpy(garbage_buf, buf, len); } (void) pcbc_encrypt((len < 8) ? garbage_buf : buf, des_outpkt+4, >Audit-Trail: >Unformatted: