Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 3544 From fcusack@ratbert.iconnet.net Fri Jan 22 18:41:11 1999 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA26062 for ; Fri, 22 Jan 1999 18:41:10 -0500 Received: from ratbert.iconnet.net by MIT.EDU with SMTP id AA09391; Fri, 22 Jan 99 18:40:54 EST Received: (from fcusack@localhost) by ratbert.iconnet.net (8.9.1/8.9.1) id SAA03140; Fri, 22 Jan 1999 18:42:52 -0500 (EST) Message-Id: <199901222342.SAA03140@ratbert.iconnet.net> Date: Fri, 22 Jan 1999 18:42:52 -0500 (EST) From: fcusack@iconnet.net Reply-To: fcusack@iconnet.net To: krb5-bugs@MIT.EDU Cc: fcusack@iconnet.net Subject: infinite error loop in ftpd X-Send-Pr-Version: 3.99 >Number: 684 >Category: krb5-appl >Synopsis: There is a possible infinite loop when ftpd sends replies >Confidential: no >Severity: serious >Priority: medium >Responsible: tlyu >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Jan 22 18:42:00 EST 1999 >Last-Modified: Thu Feb 25 23:35:01 EST 1999 >Originator: Frank Cusack >Organization: Qwest Comm. >Release: krb5-current-19981012 >Environment: Unix System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10 Architecture: sun4 >Description: If certain errors occur during reply(), it calls itself again, which will probably generate the same errors, calling itself again, ... This patch is against -current from 10/12/1998; if the gssapi or ftpd has changed since then they probably won't apply cleanly. >How-To-Repeat: >Fix: Index: ftpd.c =================================================================== RCS file: /icon/d04/src/3rd-party/krb5-19981012/src/appl/gssftp/ftpd/ftpd.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ftpd.c --- ftpd.c 1998/10/14 00:47:31 1.1.1.1 +++ ftpd.c 1999/01/22 23:38:00 @@ -1619,13 +1619,19 @@ &in_buf, &conf_state, &out_buf); if (maj_stat != GSS_S_COMPLETE) { +#if 0 +/* Don't setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? "gss_seal ENC didn't complete": "gss_seal MIC didn't complete"); +#endif /* 0 */ } else if ((clevel == PROT_P) && !conf_state) { +#if 0 +/* Don't setup an infinite loop */ secure_error("GSSAPI didn't encrypt message"); +#endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); @@ -2511,12 +2517,15 @@ reply(code, "GSSAPI error: %s", s); } +#if 0 +/* Only called from reply, which would setup a loop */ secure_gss_error(maj_stat, min_stat, s) OM_uint32 maj_stat, min_stat; char *s; { return reply_gss_error(535, maj_stat, min_stat, s); } +#endif /* 0 */ #include >Audit-Trail: Responsible-Changed-From-To: krb5-unassigned->tlyu Responsible-Changed-By: tlyu Responsible-Changed-When: Thu Feb 25 23:32:40 1999 Responsible-Changed-Why: refiled State-Changed-From-To: Open-closed State-Changed-By: tlyu State-Changed-When: Thu Feb 25 23:34:21 1999 State-Changed-Why: applied From: Tom Yu To: fcusack@iconnet.net Cc: krb5-bugs@MIT.EDU, fcusack@iconnet.net Subject: Re: krb5-appl/684: There is a possible infinite loop when ftpd sends replies Date: Thu, 25 Feb 1999 23:34:14 -0500 (EST) Thanks for the report. I've applied your patch with a few changes; you can't get rid of secure_gss_error() though, because something in secure.c needs it. ---Tom >Unformatted: