Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 3049

From b17783@achilles.ctd.anl.gov Mon Mar 31 15:55:45 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA28910 for ; Mon, 31 Mar 1997 15:55:44 -0500
Received: from [146.137.72.1] by MIT.EDU with SMTP id AA25490; Mon, 31 Mar 97 15:54:04 EST
Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id OAA12310 for ; Mon, 31 Mar 1997 14:53:55 -0600
Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id OAA28910; Mon, 31 Mar 1997 14:53:54 -0600
Message-Id: <199703312053.OAA28910@pembroke.ctd.anl.gov>
Date: Mon, 31 Mar 1997 14:53:54 -0600
From: deengert@anl.gov
Reply-To: deengert@anl.gov
To: krb5-bugs@MIT.EDU
Subject: Testing of the Application Version String in recvauth.c
X-Send-Pr-Version: 3.99

>Number: 409
>Category: krb5-libs
>Synopsis: Testing of the Application Version String in recvauth.c
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 31 15:56:01 EST 1997
>Last-Modified: Fri Sep 14 10:31:37 EDT 2001
>Originator: Douglas E. Engert
>Organization:
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
>Release: 1.0
>Environment:
System: AIX pembroke 1 4 000300234600
>Description:
recvauth.c is passed an appl_version string which it tests against the appl_version string as provided by sendauth.c. Unlike the K4 implementation where this string is passed back to the application, K5 insists that they match. This causes problems when two different implementations of the client use different appl_version strings.
>How-To-Repeat:
>Fix:
The following suggested fix allows the applications to pass a null pointer for the appl_version to indicate that it does not care what the string is. All current applications will continue to function, as it was not valid to pass a null pointer, and this will give control back to the application writer, as to whether or not to check the appl_version.

*** ,recvauth.c Thu Nov 21 13:00:06 1996 --- recvauth.c Fri Mar 28 08:24:43 1997 *************** *** 87,93 **** */ if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); ! if (strcmp(inbuf.data, appl_version)) { krb5_xfree(inbuf.data); if (!problem) problem = KRB5_SENDAUTH_BADAPPLVERS; --- 87,93 ---- */ if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); ! if (appl_version && strcmp(inbuf.data, appl_version)) { krb5_xfree(inbuf.data); if (!problem) problem = KRB5_SENDAUTH_BADAPPLVERS;
>Audit-Trail:
>Unformatted:
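Review bot: In the changed condition `if (appl_version && strcmp(inbuf.data, appl_version))`, a NULL appl_version skips the comparison, but nothing in the lines shown hands the received string back to the caller, so an application that passes NULL has no way to inspect what the peer sent. If the goal is to let the application decide whether to check, as K4 did, the string in inbuf.data needs to be returned or otherwise exposed. Without that, NULL simply means "accept any application version". Services that accept any version lose the protection the match provides against a client of a different application protocol completing the exchange. The new NULL semantics should be stated in the function's header comment and documentation. Separately, the strcmp call here operates on data read from the peer by krb5_read_message, and the hunk shows no check that inbuf.data is NUL-terminated within inbuf.length; that predates this change, but since the line is being touched it is worth adding a length-bounded comparison.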