From b17783@achilles.ctd.anl.gov Mon Mar 31 15:55:45 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA28910 for <bugs@RT-11.MIT.EDU>; Mon, 31 Mar 1997 15:55:44 -0500
Received: from [146.137.72.1] by MIT.EDU with SMTP
id AA25490; Mon, 31 Mar 97 15:54:04 EST
Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id OAA12310 for <krb5-bugs@mit.edu>; Mon, 31 Mar 1997 14:53:55 -0600
Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id OAA28910; Mon, 31 Mar 1997 14:53:54 -0600
Message-Id: <199703312053.OAA28910@pembroke.ctd.anl.gov>
Date: Mon, 31 Mar 1997 14:53:54 -0600
From: deengert@anl.gov
Reply-To: deengert@anl.gov
To: krb5-bugs@MIT.EDU
Subject: Testing of the Application Version String in recvauth.c
X-Send-Pr-Version: 3.99

>Number: 409
>Category: krb5-libs
>Synopsis: Testing of the Application Version String in recvauth.c
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 31 15:56:01 EST 1997
>Last-Modified: Fri Sep 14 10:31:37 EDT 2001
>Originator: Douglas E. Engert
>Organization:

Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
>Release: 1.0
>Environment:

System: AIX pembroke 1 4 000300234600


>Description:
recvauth.c is passed an appl_version string which it tests against
the appl_version string as provided by sendauth.c. Unlike
the K4 implementation where this string is passed back
to the application, K5 insists that they match. This causes problems
when two different implementations of the client use different
appl_version strings.


>How-To-Repeat:

>Fix:
The following suggested fix allows the applications to pass
a null pointer for the appl_version to indicate that
it does not care what the string is.
All current applications will continue to function, as it
was not valid to pass a null pointer, and this will give control
back to the application writer, as to whether or not to check
the appl_version.


*** ,recvauth.c Thu Nov 21 13:00:06 1996
--- recvauth.c Fri Mar 28 08:24:43 1997
***************
*** 87,93 ****
*/
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
! if (strcmp(inbuf.data, appl_version)) {
krb5_xfree(inbuf.data);
if (!problem)
problem = KRB5_SENDAUTH_BADAPPLVERS;
--- 87,93 ----
*/
if ((retval = krb5_read_message(context, fd, &inbuf)))
return(retval);
! if (appl_version && strcmp(inbuf.data, appl_version)) {
krb5_xfree(inbuf.data);
if (!problem)
problem = KRB5_SENDAUTH_BADAPPLVERS;
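
Review bot: the new `appl_version &&` guard on the strcmp line makes a NULL appl_version skip the comparison entirely, but the hunk neither documents that meaning nor hands the received string back to the caller, so an application that passes NULL accepts whatever version string the peer sent and has no way to inspect it. Suggest documenting the NULL convention in the function's header comment and, if the caller is meant to make its own decision, returning the received string through an output parameter. Separately, `strcmp(inbuf.data, appl_version)` assumes the buffer filled by krb5_read_message is NUL-terminated; nothing in these lines checks that, so a comparison bounded by inbuf.length would be safer.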


>Audit-Trail:
>Unformatted: