Skip Menu |
 

Subject: asn1_k_encode.c: add_optstring always adds

In lib/krb5/asn.1/asn1_k_encode.c line 758, add_optstring is
defined

#define add_optstring(val,n,fn) \
if ((val).length >= 0)
{asn1_addlenfield((val).length,(val).data,n,fn);}

The comparison should be > 0 - not >= 0.

The only code affected by this change is the sam challenge encoders.


In draft-ietf-krb-wg-kerberos-sam-01.txt all of the fields are listed as
optional general strings - so a zero length string should not be sent.

If the above change is made - then the krb5_encode_test (tests/asn1)
fails - in the sam code.

I would like to fix both the asn.1 encoder and the test output.
To: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #1224]ASN1 optional fields
Date: Wed, 23 Oct 2002 22:17:10 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc:


Note that at the ASN.1 level, an optional string that is present but
empty is different from a string that is absent. I think that for
Kerberos as it stands today, this change is probably fine, but it is
possible someone will want to distinguish these cases.
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #1224]ASN1 optional fields
Date: Wed, 23 Oct 2002 22:57:09 -0400
From: Ezra Peisach <epeisach@MIT.EDU>
RT-Send-Cc:
The way that the code is writen today for this sam handling
is that we send it as present - but empty.


I need to look a little more at the decoder - it may be that
present but empty (i.e. len 0) - may have the same effect as
not present at all. The decoder clearly anticipates that
the optional strings may not come over the wire.

Ezra
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #1224] asn1_k_encode.c: add_optstring always adds
Date: Wed, 23 Oct 2002 23:36:39 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
RT-Send-Cc:
Show quoted text
>The only code affected by this change is the sam challenge encoders.
>
>
>In draft-ietf-krb-wg-kerberos-sam-01.txt all of the fields are listed as
>optional general strings - so a zero length string should not be sent.

I guess it's a good thing I did the new sam checksum stuff the "right"
way, or this would have busted the checksum calculation for sure :-)

--Ken
From: epeisach@mit.edu
Subject: CVS Commit
For sam_challenge do not encode optional strings if string not present.
Previously, a string of length zero was transmitted.


To generate a diff of this commit:



cvs diff -r5.130 -r5.131 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.27 -r5.28 krb5/src/lib/krb5/asn.1/asn1_k_encode.c
cvs diff -r1.70 -r1.71 krb5/src/tests/asn.1/ChangeLog
cvs diff -r1.26 -r1.27 krb5/src/tests/asn.1/krb5_decode_test.c
cvs diff -r1.8 -r1.9 krb5/src/tests/asn.1/reference_encode.out
cvs diff -r1.10 -r1.11 krb5/src/tests/asn.1/trval_reference.out