Skip Menu |
 

Subject: kdc_util.c bug - validate_tgs_request clears all kdc_options
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
To: krb5-bugs@mit.edu
Date: Thu, 12 Feb 2004 13:13:45 -0500

The new code in kdc_util.c

request->kdc_options &= ~(TGS_OPTIONS_HANDLED);

Actually causes clears the kdc_options field of all
handled options, which (in most cases) zeros the field.
This is probably not intended...

To properly disable unrecognized flags, I think you need
to do something like this:

badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED));
request->kdc_options &= ~badflags;

-Wyllys

--
Wyllys Ingersoll <wyllys.ingersoll@sun.com>
Date: Thu, 12 Feb 2004 13:31:00 -0500
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #2234] kdc_util.c bug - validate_tgs_request clears all kdc_options
RT-Send-Cc:
Wyllys Ingersoll via RT wrote:
Show quoted text
The new code in kdc_util.c

    request->kdc_options &= ~(TGS_OPTIONS_HANDLED);

Actually causes clears the kdc_options field of all
handled options, which (in most cases) zeros the field.
This is probably not intended...  

To properly disable unrecognized flags, I think you need
to do something like this:

badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED));
request->kdc_options &= ~badflags;

-Wyllys

Shouldn't this simply be?

   request->kdc_options &= TGS_OPTIONS_HANDLED;


Subject: Re: [krbdev.mit.edu #2234] kdc_util.c bug - validate_tgs_request clears all kdc_options
From: Wyllys Ingersoll <wyllys.ingersoll@sun.com>
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@mit.edu
Date: Thu, 12 Feb 2004 14:04:04 -0500
RT-Send-Cc:
On Thu, 2004-02-12 at 13:30, ""Jeffrey Altman [Kermit Project]" via RT"
wrote:
Show quoted text
> Wyllys Ingersoll via RT wrote:
>
> >The new code in kdc_util.c
> >
> > request->kdc_options &= ~(TGS_OPTIONS_HANDLED);
> >
> >Actually causes clears the kdc_options field of all
> >handled options, which (in most cases) zeros the field.
> >This is probably not intended...
> >
> >To properly disable unrecognized flags, I think you need
> >to do something like this:
> >
> >badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED));
> >request->kdc_options &= ~badflags;
> >
> >-Wyllys
> >
> >
> Shouldn't this simply be?
>
> request->kdc_options &= TGS_OPTIONS_HANDLED;

er, yup. That'll work too, I was thinking in reverse :)

Though, the original suggestion might be OK if you wanted
to log a message to indicate what unsupported flags were received.

-Wyllys
From: hartmans@mit.edu
Subject: CVS Commit
Fix logic error.


To generate a diff of this commit:



cvs diff -r5.269 -r5.270 krb5/src/kdc/ChangeLog
cvs diff -r5.110 -r5.111 krb5/src/kdc/kdc_util.c
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.251.2.15 -r5.251.2.16 krb5/src/kdc/ChangeLog
cvs diff -r5.106.2.4 -r5.106.2.5 krb5/src/kdc/kdc_util.c