Skip Menu |
 

Download (untitled) / with headers
text/plain 2.8KiB
From tytso@MIT.EDU Fri Dec 6 01:03:20 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id BAA11998 for <bugs@RT-11.MIT.EDU>; Fri, 6 Dec 1996 01:03:19 -0500
Received: from DCL.MIT.EDU by MIT.EDU with SMTP
id AA04045; Fri, 6 Dec 96 01:03:19 EST
Received: by dcl.MIT.EDU (5.x/4.7) id AA15773; Fri, 6 Dec 1996 01:03:18 -0500
Message-Id: <9612060603.AA15773@dcl.MIT.EDU>
Date: Fri, 6 Dec 1996 01:03:18 -0500
From: tytso@MIT.EDU
Reply-To: tytso@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: v4rcp.c has serious problems
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 284
>Category: krb5-appl
>Synopsis: v4rcp.c has serious problems with correctness
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Dec 06 01:04:00 EST 1996
>Last-Modified: Tue Dec 10 05:36:00 EST 1996
>Originator: Theodore Y. Ts'o
>Organization:
mit
Show quoted text
>Release: 1.0-development
>Environment:

System: SunOS dcl 5.4 Generic_101945-37 sun4m sparc


Show quoted text
>Description:

v4rcp.c is a really problematic piece of code.

1) sys_errlist is being blindly defined for all platforms except
NetBSD. Because it's a platform-specific test, FreeBSD fails here as
well. For now (in the 1.0 release), we will "fix" this by adding
FreeBSD to the platform test. Eventually we should elimiate the use
of sys_errlist altogether.

2) sys_errlist is being used all over without first testing to see if
errno is list than sys_nerr. This is inherently dangerous.
Eventually we should just not use sys_errlist, and use
error_message() instead. Let com_err take care of the problem.

3) The return value from krb_recvauth is handled by using krb_krb_err_text()
This is a problem, since 50% of the errors from krb_recvauth are
krb_get_err_text errors, and the other half are errno returns.
Too bad those two error spaces overlap....

Show quoted text
>How-To-Repeat:

Show quoted text
>Fix:

Show quoted text
>Audit-Trail:

From: Sam Hartman <hartmans@MIT.EDU>
To: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/284: v4rcp.c has serious problems with correctness
Date: Tue, 10 Dec 1996 05:35:13 -0500

`Sam Hartman' made changes to this PR.

*** /tmp/gnatsa006Bi Tue Dec 10 05:34:23 1996
--- /tmp/gnatsb006Bi Tue Dec 10 05:34:51 1996
***************
*** 12,18 ****
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 284
! >Category: krb5-clients
Show quoted text
>Synopsis: v4rcp.c has serious problems with correctness
>Confidential: no
>Severity: serious
--- 12,18 ----
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 284
! >Category: krb5-appl
Show quoted text
>Synopsis: v4rcp.c has serious problems with correctness
>Confidential: no
>Severity: serious
>Unformatted:
v4rcp no longer uses sys_errlist; the problem with
krb_recvauth still seems to exist but I do not believe that problem can be solved.