From ratliff@austin.ibm.com Wed Nov 14 18:48:45 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id SAA10143
for <bugs@RT-11.mit.edu>; Wed, 14 Nov 2001 18:48:44 -0500 (EST)
Received: from mg02.austin.ibm.com (mg02.austin.ibm.com [192.35.232.12])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id SAA26399
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:48:43 -0500 (EST)
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.3.7.139])
by mg02.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id RAA25906
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 17:56:26 -0600
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id RAA36076
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 17:48:42 -0600
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id 4156B82ADE; Wed, 14 Nov 2001 17:48:34 -0600 (CST)
Message-Id: <20011114234834.4156B82ADE@spiff.austin.ibm.com>
Date: Wed, 14 Nov 2001 17:48:34 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu
Cc: ratliff@austin.ibm.com
Subject: bug in accept_sec_context.c
X-Send-Pr-Version: 3.99
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
krb5_gss_accept_sec_context() in accept_sec_context.c. One small
problem remains. The call to the TREAD_STR macro sends bigend
as the third parameter, but the third parameter should be the
expected length of the string or option.length.
Also, in making your changes you separated the comment on line 485
from the code that it is commenting on - that TREAD_STR macro call.
I've included a patch to fix the buglet and move the comment back
down to in front of the call to TREAD_STR.
Thanks!
Emily
diff -ur src.orig/lib/gssapi/krb5/accept_sec_context.c src/lib/gssapi/krb5/accept_sec_context.c
--- src.orig/lib/gssapi/krb5/accept_sec_context.c Wed Nov 14 17:07:03 2001
+++ src/lib/gssapi/krb5/accept_sec_context.c Wed Nov 14 17:25:42 2001
@@ -482,16 +482,16 @@
i -= 4;
- /* have to use ptr2, since option.data is wrong type and
- macro uses ptr as both lvalue and rvalue */
-
if (i < option.length || option.length < 0) {
code = KG_BAD_LENGTH;
major_status = GSS_S_FAILURE;
goto fail;
}
- TREAD_STR(ptr, ptr2, bigend);
+ /* have to use ptr2, since option.data is wrong type and
+ macro uses ptr as both lvalue and rvalue */
+
+ TREAD_STR(ptr, ptr2, option.length);
option.data = (char *) ptr2;
i -= option.length;
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id SAA10143
for <bugs@RT-11.mit.edu>; Wed, 14 Nov 2001 18:48:44 -0500 (EST)
Received: from mg02.austin.ibm.com (mg02.austin.ibm.com [192.35.232.12])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id SAA26399
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:48:43 -0500 (EST)
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.3.7.139])
by mg02.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id RAA25906
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 17:56:26 -0600
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id RAA36076
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 17:48:42 -0600
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id 4156B82ADE; Wed, 14 Nov 2001 17:48:34 -0600 (CST)
Message-Id: <20011114234834.4156B82ADE@spiff.austin.ibm.com>
Date: Wed, 14 Nov 2001 17:48:34 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu
Cc: ratliff@austin.ibm.com
Subject: bug in accept_sec_context.c
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 1015
>Category: krb5-libs
>Synopsis: bug in TREAD_STR macro call in accept_sec_context.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 14 18:49:01 EST 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
IBM Linux Technology Center, Security>Category: krb5-libs
>Synopsis: bug in TREAD_STR macro call in accept_sec_context.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 14 18:49:01 EST 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
Show quoted text
>Release: krb5-current-20011110
>Environment:
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
Show quoted text
>Description:
You have made several improvements to handling forwarded creds inkrb5_gss_accept_sec_context() in accept_sec_context.c. One small
problem remains. The call to the TREAD_STR macro sends bigend
as the third parameter, but the third parameter should be the
expected length of the string or option.length.
Also, in making your changes you separated the comment on line 485
from the code that it is commenting on - that TREAD_STR macro call.
I've included a patch to fix the buglet and move the comment back
down to in front of the call to TREAD_STR.
Thanks!
Emily
Show quoted text
>How-To-Repeat:
Show quoted text
>Fix:
diff -ur src.orig/lib/gssapi/krb5/accept_sec_context.c src/lib/gssapi/krb5/accept_sec_context.c
--- src.orig/lib/gssapi/krb5/accept_sec_context.c Wed Nov 14 17:07:03 2001
+++ src/lib/gssapi/krb5/accept_sec_context.c Wed Nov 14 17:25:42 2001
@@ -482,16 +482,16 @@
i -= 4;
- /* have to use ptr2, since option.data is wrong type and
- macro uses ptr as both lvalue and rvalue */
-
if (i < option.length || option.length < 0) {
code = KG_BAD_LENGTH;
major_status = GSS_S_FAILURE;
goto fail;
}
- TREAD_STR(ptr, ptr2, bigend);
+ /* have to use ptr2, since option.data is wrong type and
+ macro uses ptr as both lvalue and rvalue */
+
+ TREAD_STR(ptr, ptr2, option.length);
option.data = (char *) ptr2;
i -= option.length;
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: