Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by krbdev.mit.edu (8.9.3p2) with ESMTP id OAA27345; Thu, 12 Feb 2004 14:08:17 -0500 (EST) Received: from jurassic.eng.sun.com ([129.146.17.57]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id i1CJ7kdO023324; Thu, 12 Feb 2004 11:07:46 -0800 (PST) Received: from 192.129.100.95 (vpn-129-152-200-39.East.Sun.COM [129.152.200.39]) by jurassic.eng.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i1CJ7jSG349494; Thu, 12 Feb 2004 11:07:45 -0800 (PST) Subject: Re: [krbdev.mit.edu #2234] kdc_util.c bug - validate_tgs_request clears all kdc_options From: Wyllys Ingersoll Reply-To: wyllys.ingersoll@sun.com To: rt-comment@krbdev.mit.edu Cc: krb5-prs@mit.edu In-Reply-To: References: Content-Type: text/plain Message-Id: <1076612644.7268.50.camel@pebblebeach.wki.test.net> MIME-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Thu, 12 Feb 2004 14:04:04 -0500 Content-Transfer-Encoding: 7bit RT-Send-Cc: X-RT-Original-Encoding: iso-8859-1 Content-Length: 859 On Thu, 2004-02-12 at 13:30, ""Jeffrey Altman [Kermit Project]" via RT" wrote: > Wyllys Ingersoll via RT wrote: > > >The new code in kdc_util.c > > > > request->kdc_options &= ~(TGS_OPTIONS_HANDLED); > > > >Actually causes clears the kdc_options field of all > >handled options, which (in most cases) zeros the field. > >This is probably not intended... > > > >To properly disable unrecognized flags, I think you need > >to do something like this: > > > >badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED)); > >request->kdc_options &= ~badflags; > > > >-Wyllys > > > > > Shouldn't this simply be? > > request->kdc_options &= TGS_OPTIONS_HANDLED; er, yup. That'll work too, I was thinking in reverse :) Though, the original suggestion might be OK if you wanted to log a message to indicate what unsupported flags were received. -Wyllys